./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3733426828

<...>
Warning: Permanently added '10.128.0.9' (ED25519) to the list of known hosts.
execve("./syz-executor3733426828", ["./syz-executor3733426828"], 0x7fffa46e0210 /* 10 vars */) = 0
brk(NULL)                               = 0x555565737000
brk(0x555565737d00)                     = 0x555565737d00
arch_prctl(ARCH_SET_FS, 0x555565737380) = 0
set_tid_address(0x555565737650)         = 5835
set_robust_list(0x555565737660, 24)     = 0
rseq(0x555565737ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3733426828", 4096) = 28
getrandom("\xbc\x97\x58\x78\x02\x13\x32\x0b", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555565737d00
brk(0x555565758d00)                     = 0x555565758d00
brk(0x555565759000)                     = 0x555565759000
mprotect(0x7f099b865000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
mkdir("./syzkaller.SPj03W", 0700)       = 0
chmod("./syzkaller.SPj03W", 0777)       = 0
chdir("./syzkaller.SPj03W")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5836 attached
 <unfinished ...>
[pid  5836] set_robust_list(0x555565737660, 24 <unfinished ...>
[pid  5835] <... clone resumed>, child_tidptr=0x555565737650) = 5836
[pid  5836] <... set_robust_list resumed>) = 0
[pid  5836] chdir("./0")                = 0
[pid  5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5836] setpgid(0, 0)               = 0
[pid  5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5836] write(3, "1000", 4)         = 4
[pid  5836] close(3)                    = 0
[pid  5836] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5836] write(1, "executing program\n", 18) = 18
[pid  5836] memfd_create("syzkaller", 0) = 3
[pid  5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09933a6000
[pid  5836] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216
[pid  5836] munmap(0x7f09933a6000, 138412032) = 0
[pid  5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5836] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5836] close(3)                    = 0
[pid  5836] close(4)                    = 0
[pid  5836] mkdir("./file1", 0777)      = 0
[   80.956792][ T5836] loop0: detected capacity change from 0 to 32768
[   80.982852][ T5836] =======================================================
[   80.982852][ T5836] WARNING: The mand mount option has been deprecated and
[pid  5836] mount("/dev/loop0", "./file1", "ocfs2", MS_SYNCHRONOUS|MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_STRICTATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,preferred_slot=00000000000000000001,localflocks,"...) = 0
[pid  5836] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5836] chdir("./file1")            = 0
[pid  5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5836] creat("./file0", 000)       = -1 EROFS (Read-only file system)
[pid  5836] exit_group(0)               = ?
[   80.982852][ T5836]          and is ignored by this kernel. Remove the mand
[   80.982852][ T5836]          option from the mount to silence this warning.
[   80.982852][ T5836] =======================================================
[   81.039291][ T5836] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[pid  5836] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} ---
umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[   81.083988][ T5836] OCFS2: ERROR (device loop0): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #0 has bad signature 
[   81.084051][ T5836] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[   81.084064][ T5836] OCFS2: File system is now read-only.
[   81.084073][ T5836] (syz-executor373,5836,0):ocfs2_search_chain:1817 ERROR: status = -30
[   81.084085][ T5836] (syz-executor373,5836,0):ocfs2_search_chain:1940 ERROR: status = -30
getdents64(3, 0x5555657386f0 /* 4 entries */, 32768) = 112
[   81.084098][ T5836] (syz-executor373,5836,0):ocfs2_claim_suballoc_bits:2010 ERROR: status = -30
[   81.084108][ T5836] (syz-executor373,5836,0):ocfs2_claim_suballoc_bits:2063 ERROR: status = -30
[   81.084118][ T5836] (syz-executor373,5836,0):ocfs2_claim_new_inode:2298 ERROR: status = -30
[   81.084128][ T5836] (syz-executor373,5836,0):ocfs2_claim_new_inode:2313 ERROR: status = -30
[   81.084140][ T5836] (syz-executor373,5836,0):ocfs2_mknod_locked:638 ERROR: status = -30
[   81.084150][ T5836] (syz-executor373,5836,0):ocfs2_mknod:385 ERROR: status = -30
[   81.084670][ T5836] (syz-executor373,5836,0):ocfs2_mknod:502 ERROR: status = -30
[   81.084686][ T5836] (syz-executor373,5836,0):ocfs2_create:675 ERROR: status = -30
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555565740730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555565740730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/file1")                      = 0
umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   81.262882][ T5835] ocfs2: Unmounting device (7,0) on (node local)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs")                  = 0
getdents64(3, 0x5555657386f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5840 attached
, child_tidptr=0x555565737650) = 5840
[pid  5840] set_robust_list(0x555565737660, 24) = 0
[pid  5840] chdir("./1")                = 0
[pid  5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5840] setpgid(0, 0)               = 0
[pid  5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5840] write(3, "1000", 4)         = 4
[pid  5840] close(3)                    = 0
[pid  5840] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5840] write(1, "executing program\n", 18executing program
) = 18
[pid  5840] memfd_create("syzkaller", 0) = 3
[pid  5840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09933a6000
[   81.571718][   T10] cfg80211: failed to load regulatory.db
[pid  5840] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216
[pid  5840] munmap(0x7f09933a6000, 138412032) = 0
[pid  5840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5840] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5840] close(3)                    = 0
[pid  5840] close(4)                    = 0
[pid  5840] mkdir("./file1", 0777)      = 0
[pid  5840] mount("/dev/loop0", "./file1", "ocfs2", MS_SYNCHRONOUS|MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_STRICTATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,preferred_slot=00000000000000000001,localflocks,"...) = 0
[pid  5840] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5840] chdir("./file1")            = 0
[   81.887604][ T5840] loop0: detected capacity change from 0 to 32768
[pid  5840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5840] creat("./file0", 000)       = -1 EROFS (Read-only file system)
[pid  5840] exit_group(0)               = ?
[pid  5840] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} ---
[   81.940053][ T5840] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   81.965145][ T5840] OCFS2: ERROR (device loop0): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #0 has bad signature 
[   81.965174][ T5840] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[   81.965183][ T5840] OCFS2: File system is now read-only.
[   81.965197][ T5840] (syz-executor373,5840,1):ocfs2_search_chain:1817 ERROR: status = -30
[   81.965215][ T5840] (syz-executor373,5840,1):ocfs2_search_chain:1940 ERROR: status = -30
[   81.965226][ T5840] (syz-executor373,5840,1):ocfs2_claim_suballoc_bits:2010 ERROR: status = -30
[   81.965236][ T5840] (syz-executor373,5840,1):ocfs2_claim_suballoc_bits:2063 ERROR: status = -30
[   81.965246][ T5840] (syz-executor373,5840,1):ocfs2_claim_new_inode:2298 ERROR: status = -30
getdents64(3, 0x5555657386f0 /* 4 entries */, 32768) = 112
[   81.965256][ T5840] (syz-executor373,5840,1):ocfs2_claim_new_inode:2313 ERROR: status = -30
[   81.965266][ T5840] (syz-executor373,5840,1):ocfs2_mknod_locked:638 ERROR: status = -30
[   81.965276][ T5840] (syz-executor373,5840,1):ocfs2_mknod:385 ERROR: status = -30
[   81.965398][ T5840] (syz-executor373,5840,1):ocfs2_mknod:502 ERROR: status = -30
[   81.965408][ T5840] (syz-executor373,5840,1):ocfs2_create:675 ERROR: status = -30
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555565740730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555565740730 /* 0 entries */, 32768) = 0
close(4)                                = 0
[   82.113013][ T5835] ocfs2: Unmounting device (7,0) on (node local)
rmdir("./1/file1")                      = 0
umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs")                  = 0
getdents64(3, 0x5555657386f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5843 attached
, child_tidptr=0x555565737650) = 5843
[pid  5843] set_robust_list(0x555565737660, 24) = 0
[pid  5843] chdir("./2")                = 0
[pid  5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5843] setpgid(0, 0)               = 0
[pid  5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5843] write(3, "1000", 4)         = 4
[pid  5843] close(3)                    = 0
[pid  5843] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5843] write(1, "executing program\n", 18) = 18
[pid  5843] memfd_create("syzkaller", 0) = 3
[pid  5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f09933a6000
[pid  5843] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216
[pid  5843] munmap(0x7f09933a6000, 138412032) = 0
[pid  5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5843] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5843] close(3)                    = 0
[pid  5843] close(4)                    = 0
[pid  5843] mkdir("./file1", 0777)      = 0
[   82.675075][ T5843] loop0: detected capacity change from 0 to 32768
[pid  5843] mount("/dev/loop0", "./file1", "ocfs2", MS_SYNCHRONOUS|MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_STRICTATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,preferred_slot=00000000000000000001,localflocks,"...) = 0
[pid  5843] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5843] chdir("./file1")            = 0
[pid  5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[   82.717607][ T5843] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   82.752269][ T5843] ==================================================================
[   82.752284][ T5843] BUG: KASAN: use-after-free in ocfs2_claim_suballoc_bits+0x8b2/0x2450
[   82.752317][ T5843] Read of size 4 at addr ffff888044447000 by task syz-executor373/5843
[   82.752333][ T5843] 
[   82.752352][ T5843] CPU: 1 UID: 0 PID: 5843 Comm: syz-executor373 Tainted: G        W           6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT_{RT,(full)} 
[   82.752379][ T5843] Tainted: [W]=WARN
[   82.752385][ T5843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   82.752396][ T5843] Call Trace:
[   82.752404][ T5843]  <TASK>
[   82.752412][ T5843]  dump_stack_lvl+0x189/0x250
[   82.752438][ T5843]  ? __kasan_check_byte+0x12/0x40
[   82.752463][ T5843]  ? __pfx_dump_stack_lvl+0x10/0x10
[   82.752486][ T5843]  ? lock_release+0x4b/0x3e0
[   82.752509][ T5843]  ? __virt_addr_valid+0x4a5/0x5c0
[   82.752536][ T5843]  print_report+0xca/0x240
[   82.752562][ T5843]  ? ocfs2_claim_suballoc_bits+0x8b2/0x2450
[   82.752586][ T5843]  kasan_report+0x118/0x150
[   82.752612][ T5843]  ? ocfs2_claim_suballoc_bits+0x8b2/0x2450
[   82.752639][ T5843]  ocfs2_claim_suballoc_bits+0x8b2/0x2450
[   82.752680][ T5843]  ? __pfx_ocfs2_claim_suballoc_bits+0x10/0x10
[   82.752710][ T5843]  ? __lock_acquire+0xab9/0xd20
[   82.752735][ T5843]  ? do_raw_spin_lock+0x121/0x290
[   82.752765][ T5843]  ocfs2_claim_new_inode+0x332/0x7a0
[   82.752794][ T5843]  ? __pfx_ocfs2_claim_new_inode+0x10/0x10
[   82.752820][ T5843]  ? rt_mutex_slowunlock+0x493/0x8a0
[   82.752846][ T5843]  ? reacquire_held_locks+0x127/0x1d0
[   82.752880][ T5843]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[   82.752905][ T5843]  ocfs2_mknod_locked+0x100/0x250
[   82.752930][ T5843]  ? __pfx_ocfs2_mknod_locked+0x10/0x10
[   82.752952][ T5843]  ? dquot_alloc_inode+0x216/0xa50
[   82.752979][ T5843]  ? ocfs2_block_signals+0x94/0xe0
[   82.753000][ T5843]  ? __pfx_ocfs2_block_signals+0x10/0x10
[   82.753023][ T5843]  ? ocfs2_init_security_get+0x132/0x1a0
[   82.753041][ T5843]  ocfs2_mknod+0x10c7/0x2050
[   82.753071][ T5843]  ? __pfx_ocfs2_mknod+0x10/0x10
[   82.753096][ T5843]  ? rtlock_slowlock_locked+0xd8/0x4010
[   82.753122][ T5843]  ? __lock_acquire+0xab9/0xd20
[   82.753152][ T5843]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   82.753170][ T5843]  ? lockdep_hardirqs_on+0x9c/0x150
[   82.753187][ T5843]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   82.753204][ T5843]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   82.753224][ T5843]  ? __lock_acquire+0xab9/0xd20
[   82.753247][ T5843]  ? rt_mutex_slowunlock+0x493/0x8a0
[   82.753271][ T5843]  ? rt_spin_lock+0x1bb/0x2c0
[   82.753291][ T5843]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[   82.753316][ T5843]  ? rt_spin_unlock+0x65/0x80
[   82.753342][ T5843]  ? rcu_is_watching+0x15/0xb0
[   82.753366][ T5843]  ? ocfs2_lookup+0x4a0/0x990
[   82.753390][ T5843]  ocfs2_create+0x1a5/0x440
[   82.753412][ T5843]  ? __pfx_ocfs2_lookup+0x10/0x10
[   82.753434][ T5843]  ? __pfx_ocfs2_create+0x10/0x10
[   82.753454][ T5843]  ? HAS_UNMAPPED_ID+0x11a/0x180
[   82.753481][ T5843]  ? bpf_lsm_inode_create+0x9/0x20
[   82.753498][ T5843]  ? __pfx_ocfs2_create+0x10/0x10
[   82.753518][ T5843]  path_openat+0x1500/0x3840
[   82.753550][ T5843]  ? __pfx_path_openat+0x10/0x10
[   82.753574][ T5843]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   82.753592][ T5843]  ? lockdep_hardirqs_on+0x9c/0x150
[   82.753609][ T5843]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   82.753630][ T5843]  do_filp_open+0x1fa/0x410
[   82.753649][ T5843]  ? __pfx_do_filp_open+0x10/0x10
[   82.753666][ T5843]  ? rt_mutex_slowunlock+0x493/0x8a0
[   82.753698][ T5843]  ? alloc_fd+0x64f/0x6c0
[   82.753725][ T5843]  do_sys_openat2+0x121/0x1c0
[   82.753742][ T5843]  ? __pfx_do_sys_openat2+0x10/0x10
[   82.753769][ T5843]  ? rcu_is_watching+0x15/0xb0
[   82.753795][ T5843]  __x64_sys_creat+0x8f/0xc0
[   82.753812][ T5843]  do_syscall_64+0xfa/0x3b0
[   82.753830][ T5843]  ? lockdep_hardirqs_on+0x9c/0x150
[   82.753847][ T5843]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.753865][ T5843]  ? clear_bhb_loop+0x60/0xb0
[   82.753882][ T5843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.753896][ T5843] RIP: 0033:0x7f099b7ed1e9
[   82.753924][ T5843] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   82.753942][ T5843] RSP: 002b:00007fffa98fe258 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[   82.753962][ T5843] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f099b7ed1e9
[   82.753975][ T5843] RDX: 00007f099b7ec121 RSI: 0000000000000000 RDI: 0000200000000d80
[   82.753988][ T5843] RBP: 00000000ffffffff R08: 0000000000004444 R09: 0000000000000000
[   82.753999][ T5843] R10: 00007fffa98fe2f0 R11: 0000000000000246 R12: 0000200000000040
[   82.754012][ T5843] R13: 00007fffa98fe2f0 R14: 0000000001000000 R15: 0000000000000003
[   82.754031][ T5843]  </TASK>
[   82.754038][ T5843] 
[   82.754042][ T5843] The buggy address belongs to the physical page:
[   82.754059][ T5843] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f075bba4 pfn:0x44447
[   82.754086][ T5843] flags: 0x80000000000000(node=0|zone=1)
[   82.754110][ T5843] raw: 0080000000000000 ffffea0001111208 ffffea0001111148 0000000000000000
[   82.754125][ T5843] raw: 00000007f075bba4 0000000000000000 00000000ffffffff 0000000000000000
[   82.754135][ T5843] page dumped because: kasan: bad access detected
[   82.754146][ T5843] page_owner tracks the page as freed
[   82.754153][ T5843] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|__GFP_COMP), pid 5837, tgid 5837 (udevd), ts 82716920203, free_ts 82730729151
[   82.754182][ T5843]  post_alloc_hook+0x240/0x2a0
[   82.754204][ T5843]  get_page_from_freelist+0x2119/0x21b0
[   82.754219][ T5843]  __alloc_frozen_pages_noprof+0x181/0x370
[   82.754234][ T5843]  alloc_pages_mpol+0xd1/0x380
[   82.754255][ T5843]  vma_alloc_folio_noprof+0xe4/0x280
[   82.754275][ T5843]  folio_prealloc+0x30/0x180
[   82.754297][ T5843]  handle_mm_fault+0x12ee/0x3400
[   82.754318][ T5843]  do_user_addr_fault+0x764/0x1390
[   82.754336][ T5843]  exc_page_fault+0x76/0xf0
[   82.754350][ T5843]  asm_exc_page_fault+0x26/0x30
[   82.754364][ T5843] page last free pid 5837 tgid 5837 stack trace:
[   82.754374][ T5843]  free_unref_folios+0xd66/0x1460
[   82.754396][ T5843]  folios_put_refs+0x569/0x670
[   82.754411][ T5843]  free_pages_and_swap_cache+0x4be/0x520
[   82.754426][ T5843]  tlb_flush_mmu+0x3a0/0x680
[   82.754441][ T5843]  tlb_finish_mmu+0xc3/0x1d0
[   82.754455][ T5843]  vms_clear_ptes+0x42c/0x540
[   82.754473][ T5843]  vms_complete_munmap_vmas+0x206/0x8a0
[   82.754490][ T5843]  do_vmi_align_munmap+0x369/0x440
[   82.754506][ T5843]  do_vmi_munmap+0x253/0x2e0
[   82.754519][ T5843]  __vm_munmap+0x23b/0x3d0
[   82.754536][ T5843]  __x64_sys_munmap+0x60/0x70
[   82.754557][ T5843]  do_syscall_64+0xfa/0x3b0
[   82.754573][ T5843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.754589][ T5843] 
[   82.754593][ T5843] Memory state around the buggy address:
[   82.754607][ T5843]  ffff888044446f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   82.754620][ T5843]  ffff888044446f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   82.754632][ T5843] >ffff888044447000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   82.754640][ T5843]                    ^
[   82.754649][ T5843]  ffff888044447080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   82.754661][ T5843]  ffff888044447100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   82.754669][ T5843] ==================================================================
[   82.754684][ T5843] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   82.754700][ T5843] CPU: 1 UID: 0 PID: 5843 Comm: syz-executor373 Tainted: G        W           6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT_{RT,(full)} 
[   82.754726][ T5843] Tainted: [W]=WARN
[   82.754732][ T5843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   82.754742][ T5843] Call Trace:
[   82.754749][ T5843]  <TASK>
[   82.754763][ T5843]  dump_stack_lvl+0x99/0x250
[   82.754788][ T5843]  ? __asan_memcpy+0x40/0x70
[   82.754806][ T5843]  ? __pfx_dump_stack_lvl+0x10/0x10
[   82.754830][ T5843]  ? __pfx__printk+0x10/0x10
[   82.754853][ T5843]  vpanic+0x27a/0x730
[   82.754877][ T5843]  ? __pfx_print_hex_dump+0x10/0x10
[   82.754898][ T5843]  ? __pfx_vpanic+0x10/0x10
[   82.754927][ T5843]  panic+0xb9/0xc0
[   82.754950][ T5843]  ? __pfx_panic+0x10/0x10
[   82.754971][ T5843]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   82.754991][ T5843]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   82.755012][ T5843]  ? ocfs2_claim_suballoc_bits+0x8b2/0x2450
[   82.755038][ T5843]  check_panic_on_warn+0x89/0xb0
[   82.755056][ T5843]  ? ocfs2_claim_suballoc_bits+0x8b2/0x2450
[   82.755080][ T5843]  end_report+0x78/0x160
[   82.755101][ T5843]  kasan_report+0x129/0x150
[   82.755123][ T5843]  ? ocfs2_claim_suballoc_bits+0x8b2/0x2450
[   82.755151][ T5843]  ocfs2_claim_suballoc_bits+0x8b2/0x2450
[   82.755186][ T5843]  ? __pfx_ocfs2_claim_suballoc_bits+0x10/0x10
[   82.755216][ T5843]  ? __lock_acquire+0xab9/0xd20
[   82.755241][ T5843]  ? do_raw_spin_lock+0x121/0x290
[   82.755266][ T5843]  ocfs2_claim_new_inode+0x332/0x7a0
[   82.755295][ T5843]  ? __pfx_ocfs2_claim_new_inode+0x10/0x10
[   82.755322][ T5843]  ? rt_mutex_slowunlock+0x493/0x8a0
[   82.755345][ T5843]  ? reacquire_held_locks+0x127/0x1d0
[   82.755372][ T5843]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[   82.755398][ T5843]  ocfs2_mknod_locked+0x100/0x250
[   82.755423][ T5843]  ? __pfx_ocfs2_mknod_locked+0x10/0x10
[   82.755445][ T5843]  ? dquot_alloc_inode+0x216/0xa50
[   82.755472][ T5843]  ? ocfs2_block_signals+0x94/0xe0
[   82.755493][ T5843]  ? __pfx_ocfs2_block_signals+0x10/0x10
[   82.755519][ T5843]  ? ocfs2_init_security_get+0x132/0x1a0
[   82.755537][ T5843]  ocfs2_mknod+0x10c7/0x2050
[   82.755565][ T5843]  ? __pfx_ocfs2_mknod+0x10/0x10
[   82.755590][ T5843]  ? rtlock_slowlock_locked+0xd8/0x4010
[   82.755616][ T5843]  ? __lock_acquire+0xab9/0xd20
[   82.755646][ T5843]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   82.755664][ T5843]  ? lockdep_hardirqs_on+0x9c/0x150
[   82.755681][ T5843]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   82.755699][ T5843]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   82.755718][ T5843]  ? __lock_acquire+0xab9/0xd20
[   82.755740][ T5843]  ? rt_mutex_slowunlock+0x493/0x8a0
[   82.755771][ T5843]  ? rt_spin_lock+0x1bb/0x2c0
[   82.755793][ T5843]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[   82.755820][ T5843]  ? rt_spin_unlock+0x65/0x80
[   82.755845][ T5843]  ? rcu_is_watching+0x15/0xb0
[   82.755869][ T5843]  ? ocfs2_lookup+0x4a0/0x990
[   82.755892][ T5843]  ocfs2_create+0x1a5/0x440
[   82.755913][ T5843]  ? __pfx_ocfs2_lookup+0x10/0x10
[   82.755936][ T5843]  ? __pfx_ocfs2_create+0x10/0x10
[   82.755957][ T5843]  ? HAS_UNMAPPED_ID+0x11a/0x180
[   82.755984][ T5843]  ? bpf_lsm_inode_create+0x9/0x20
[   82.756002][ T5843]  ? __pfx_ocfs2_create+0x10/0x10
[   82.756023][ T5843]  path_openat+0x1500/0x3840
[   82.756056][ T5843]  ? __pfx_path_openat+0x10/0x10
[   82.756080][ T5843]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   82.756098][ T5843]  ? lockdep_hardirqs_on+0x9c/0x150
[   82.756115][ T5843]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   82.756136][ T5843]  do_filp_open+0x1fa/0x410
[   82.756156][ T5843]  ? __pfx_do_filp_open+0x10/0x10
[   82.756174][ T5843]  ? rt_mutex_slowunlock+0x493/0x8a0
[   82.756206][ T5843]  ? alloc_fd+0x64f/0x6c0
[   82.756232][ T5843]  do_sys_openat2+0x121/0x1c0
[   82.756250][ T5843]  ? __pfx_do_sys_openat2+0x10/0x10
[   82.756269][ T5843]  ? rcu_is_watching+0x15/0xb0
[   82.756295][ T5843]  __x64_sys_creat+0x8f/0xc0
[   82.756314][ T5843]  do_syscall_64+0xfa/0x3b0
[   82.756332][ T5843]  ? lockdep_hardirqs_on+0x9c/0x150
[   82.756349][ T5843]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.756366][ T5843]  ? clear_bhb_loop+0x60/0xb0
[   82.756385][ T5843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.756402][ T5843] RIP: 0033:0x7f099b7ed1e9
[   82.756416][ T5843] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   82.756431][ T5843] RSP: 002b:00007fffa98fe258 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[   82.756450][ T5843] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f099b7ed1e9
[   82.756463][ T5843] RDX: 00007f099b7ec121 RSI: 0000000000000000 RDI: 0000200000000d80
[   82.756476][ T5843] RBP: 00000000ffffffff R08: 0000000000004444 R09: 0000000000000000
[   82.756488][ T5843] R10: 00007fffa98fe2f0 R11: 0000000000000246 R12: 0000200000000040
[   82.756500][ T5843] R13: 00007fffa98fe2f0 R14: 0000000001000000 R15: 0000000000000003
[   82.756518][ T5843]  </TASK>
[   82.756752][ T5843] Kernel Offset: disabled