Warning: Permanently added '10.128.0.125' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 73.857067][ T5815] loop0: detected capacity change from 0 to 32768
[ 73.867203][ T5815] =======================================================
[ 73.867203][ T5815] WARNING: The mand mount option has been deprecated and
[ 73.867203][ T5815] and is ignored by this kernel. Remove the mand
[ 73.867203][ T5815] option from the mount to silence this warning.
[ 73.867203][ T5815] =======================================================
[ 73.938409][ T5815] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 73.950458][ T5815] ==================================================================
[ 73.958553][ T5815] BUG: KASAN: use-after-free in ocfs2_dir_foreach_blk+0x132c/0x1b20
[ 73.966584][ T5815] Read of size 2 at addr ffff888072ebf8c9 by task syz-executor372/5815
[ 73.974816][ T5815]
[ 73.977153][ T5815] CPU: 1 UID: 0 PID: 5815 Comm: syz-executor372 Not tainted 6.13.0-syzkaller-09793-g69b8923f5003 #0
[ 73.977171][ T5815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 73.977183][ T5815] Call Trace:
[ 73.977191][ T5815] <TASK>
[ 73.977197][ T5815] dump_stack_lvl+0x241/0x360
[ 73.977228][ T5815] ? __pfx_dump_stack_lvl+0x10/0x10
[ 73.977255][ T5815] ? __pfx__printk+0x10/0x10
[ 73.977277][ T5815] ? _printk+0xd5/0x120
[ 73.977298][ T5815] ? __virt_addr_valid+0x183/0x530
[ 73.977320][ T5815] ? __virt_addr_valid+0x183/0x530
[ 73.977341][ T5815] print_report+0x169/0x550
[ 73.977357][ T5815] ? __virt_addr_valid+0x183/0x530
[ 73.977377][ T5815] ? __virt_addr_valid+0x183/0x530
[ 73.977396][ T5815] ? __virt_addr_valid+0x45f/0x530
[ 73.977415][ T5815] ? __phys_addr+0xba/0x170
[ 73.977435][ T5815] ? ocfs2_dir_foreach_blk+0x132c/0x1b20
[ 73.977457][ T5815] kasan_report+0x143/0x180
[ 73.977474][ T5815] ? ocfs2_dir_foreach_blk+0x132c/0x1b20
[ 73.977498][ T5815] ocfs2_dir_foreach_blk+0x132c/0x1b20
[ 73.977520][ T5815] ? do_raw_spin_unlock+0x13c/0x8b0
[ 73.977538][ T5815] ? _raw_spin_unlock+0x28/0x50
[ 73.977558][ T5815] ? __pfx_ocfs2_dir_foreach_blk+0x10/0x10
[ 73.977580][ T5815] ? ocfs2_inode_lock_atime+0x25f/0x5b0
[ 73.977599][ T5815] ? __pfx_ocfs2_inode_lock_atime+0x10/0x10
[ 73.977618][ T5815] ? __pfx___might_resched+0x10/0x10
[ 73.977637][ T5815] ocfs2_readdir+0x2a1/0x5e0
[ 73.977658][ T5815] ? __pfx_ocfs2_readdir+0x10/0x10
[ 73.977678][ T5815] ? down_write+0x18c/0x220
[ 73.977697][ T5815] ? __pfx_down_write+0x10/0x10
[ 73.977717][ T5815] ? __x64_sys_lseek+0x180/0x1e0
[ 73.977738][ T5815] ? rcu_is_watching+0x15/0xb0
[ 73.977761][ T5815] ? __pfx_ocfs2_readdir+0x10/0x10
[ 73.977781][ T5815] wrap_directory_iterator+0x91/0xd0
[ 73.977797][ T5815] iterate_dir+0x5a9/0x760
[ 73.977812][ T5815] __se_sys_getdents+0x1fd/0x4e0
[ 73.977829][ T5815] ? __pfx___se_sys_getdents+0x10/0x10
[ 73.977842][ T5815] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 73.977860][ T5815] ? __pfx_filldir+0x10/0x10
[ 73.977875][ T5815] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 73.977893][ T5815] ? do_syscall_64+0x100/0x230
[ 73.977913][ T5815] ? do_syscall_64+0xb6/0x230
[ 73.977932][ T5815] do_syscall_64+0xf3/0x230
[ 73.977951][ T5815] ? clear_bhb_loop+0x35/0x90
[ 73.977973][ T5815] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.977993][ T5815] RIP: 0033:0x7fb949d39e89
[ 73.978009][ T5815] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 73.978021][ T5815] RSP: 002b:00007ffcd718bd48 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 73.978036][ T5815] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb949d39e89
[ 73.978046][ T5815] RDX: 0000000000000054 RSI: 0000000000000000 RDI: 0000000000000004
[ 73.978055][ T5815] RBP: 00000000000016b6 R08: 0000000000000000 R09: 0000000000000000
[ 73.978063][ T5815] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcd718bd90
[ 73.978073][ T5815] R13: 00007ffcd718be70 R14: 431bde82d7b634db R15: 00007fb949d8301d
[ 73.978094][ T5815] </TASK>
[ 73.978099][ T5815]
[ 74.284413][ T5815] The buggy address belongs to the physical page:
[ 74.290833][ T5815] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72ebf
[ 74.299593][ T5815] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 74.306705][ T5815] raw: 00fff00000000000 ffffea0001cbb008 ffffea0001cbaf88 0000000000000000
[ 74.315310][ T5815] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 74.323898][ T5815] page dumped because: kasan: bad access detected
[ 74.330322][ T5815] page_owner tracks the page as freed
[ 74.335685][ T5815] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xcc0(GFP_KERNEL), pid 1, tgid 1 (swapper/0), ts 24283696987, free_ts 25766297943
[ 74.350699][ T5815] post_alloc_hook+0x1f4/0x240
[ 74.355475][ T5815] split_free_pages+0xe1/0x2d0
[ 74.360330][ T5815] alloc_contig_range_noprof+0x10eb/0x1770
[ 74.366142][ T5815] alloc_contig_pages_noprof+0x4b3/0x5c0
[ 74.371788][ T5815] debug_vm_pgtable_alloc_huge_page+0xaf/0x100
[ 74.377943][ T5815] init_args+0x83b/0xb20
[ 74.382193][ T5815] debug_vm_pgtable+0xe0/0x550
[ 74.386962][ T5815] do_one_initcall+0x248/0x870
[ 74.391814][ T5815] do_initcall_level+0x157/0x210
[ 74.396751][ T5815] do_initcalls+0x3f/0x80
[ 74.401077][ T5815] kernel_init_freeable+0x435/0x5d0
[ 74.406288][ T5815] kernel_init+0x1d/0x2b0
[ 74.410650][ T5815] ret_from_fork+0x4b/0x80
[ 74.415072][ T5815] ret_from_fork_asm+0x1a/0x30
[ 74.419844][ T5815] page last free pid 1 tgid 1 stack trace:
[ 74.425642][ T5815] free_frozen_pages+0xe04/0x10e0
[ 74.430715][ T5815] free_contig_range+0x14c/0x430
[ 74.435655][ T5815] destroy_args+0x94/0x4b0
[ 74.440069][ T5815] debug_vm_pgtable+0x4be/0x550
[ 74.444926][ T5815] do_one_initcall+0x248/0x870
[ 74.449690][ T5815] do_initcall_level+0x157/0x210
[ 74.454628][ T5815] do_initcalls+0x3f/0x80
[ 74.458966][ T5815] kernel_init_freeable+0x435/0x5d0
[ 74.464180][ T5815] kernel_init+0x1d/0x2b0
[ 74.468517][ T5815] ret_from_fork+0x4b/0x80
[ 74.472943][ T5815] ret_from_fork_asm+0x1a/0x30
[ 74.477713][ T5815]
[ 74.480034][ T5815] Memory state around the buggy address:
[ 74.485660][ T5815] ffff888072ebf780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.493725][ T5815] ffff888072ebf800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.501781][ T5815] >ffff888072ebf880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.509874][ T5815]                                               ^
[ 74.516295][ T5815] ffff888072ebf900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.524368][ T5815] ffff888072ebf980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.532461][ T5815] ==================================================================
[ 74.541355][ T5815] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 74.548590][ T5815] CPU: 0 UID: 0 PID: 5815 Comm: syz-executor372 Not tainted 6.13.0-syzkaller-09793-g69b8923f5003 #0
[ 74.559351][ T5815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 74.569436][ T5815] Call Trace:
[ 74.572714][ T5815] <TASK>
[ 74.575647][ T5815] dump_stack_lvl+0x241/0x360
[ 74.580354][ T5815] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.585567][ T5815] ? __pfx__printk+0x10/0x10
[ 74.590204][ T5815] ? preempt_schedule+0xe1/0xf0
[ 74.595092][ T5815] ? vscnprintf+0x5d/0x90
[ 74.599456][ T5815] panic+0x349/0x880
[ 74.603371][ T5815] ? check_panic_on_warn+0x21/0xb0
[ 74.608486][ T5815] ? __pfx_panic+0x10/0x10
[ 74.612909][ T5815] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 74.618977][ T5815] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 74.625311][ T5815] ? print_report+0x502/0x550
[ 74.629990][ T5815] check_panic_on_warn+0x86/0xb0
[ 74.635055][ T5815] ? ocfs2_dir_foreach_blk+0x132c/0x1b20
[ 74.640688][ T5815] end_report+0x77/0x160
[ 74.644939][ T5815] kasan_report+0x154/0x180
[ 74.649550][ T5815] ? ocfs2_dir_foreach_blk+0x132c/0x1b20
[ 74.655193][ T5815] ocfs2_dir_foreach_blk+0x132c/0x1b20
[ 74.660663][ T5815] ? do_raw_spin_unlock+0x13c/0x8b0
[ 74.665881][ T5815] ? _raw_spin_unlock+0x28/0x50
[ 74.670731][ T5815] ? __pfx_ocfs2_dir_foreach_blk+0x10/0x10
[ 74.676539][ T5815] ? ocfs2_inode_lock_atime+0x25f/0x5b0
[ 74.682434][ T5815] ? __pfx_ocfs2_inode_lock_atime+0x10/0x10
[ 74.688347][ T5815] ? __pfx___might_resched+0x10/0x10
[ 74.693654][ T5815] ocfs2_readdir+0x2a1/0x5e0
[ 74.698251][ T5815] ? __pfx_ocfs2_readdir+0x10/0x10
[ 74.703363][ T5815] ? down_write+0x18c/0x220
[ 74.707906][ T5815] ? __pfx_down_write+0x10/0x10
[ 74.712769][ T5815] ? __x64_sys_lseek+0x180/0x1e0
[ 74.717718][ T5815] ? rcu_is_watching+0x15/0xb0
[ 74.722493][ T5815] ? __pfx_ocfs2_readdir+0x10/0x10
[ 74.727613][ T5815] wrap_directory_iterator+0x91/0xd0
[ 74.732900][ T5815] iterate_dir+0x5a9/0x760
[ 74.737335][ T5815] __se_sys_getdents+0x1fd/0x4e0
[ 74.742291][ T5815] ? __pfx___se_sys_getdents+0x10/0x10
[ 74.747743][ T5815] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 74.753721][ T5815] ? __pfx_filldir+0x10/0x10
[ 74.758325][ T5815] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 74.764652][ T5815] ? do_syscall_64+0x100/0x230
[ 74.769416][ T5815] ? do_syscall_64+0xb6/0x230
[ 74.774268][ T5815] do_syscall_64+0xf3/0x230
[ 74.778774][ T5815] ? clear_bhb_loop+0x35/0x90
[ 74.783452][ T5815] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.789347][ T5815] RIP: 0033:0x7fb949d39e89
[ 74.793756][ T5815] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 74.813398][ T5815] RSP: 002b:00007ffcd718bd48 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 74.821815][ T5815] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb949d39e89
[ 74.829812][ T5815] RDX: 0000000000000054 RSI: 0000000000000000 RDI: 0000000000000004
[ 74.837792][ T5815] RBP: 00000000000016b6 R08: 0000000000000000 R09: 0000000000000000
[ 74.845788][ T5815] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcd718bd90
[ 74.853752][ T5815] R13: 00007ffcd718be70 R14: 431bde82d7b634db R15: 00007fb949d8301d
[ 74.861724][ T5815] </TASK>
[ 74.865086][ T5815] Kernel Offset: disabled
[ 74.869415][ T5815] Rebooting in 86400 seconds..