Warning: Permanently added '[localhost]:47079' (ED25519) to the list of known hosts.
executing program
[ 86.914316][ T5101] loop0: detected capacity change from 0 to 32768
[ 86.947252][ T5101] =======================================================
[ 86.947252][ T5101] WARNING: The mand mount option has been deprecated and
[ 86.947252][ T5101] and is ignored by this kernel. Remove the mand
[ 86.947252][ T5101] option from the mount to silence this warning.
[ 86.947252][ T5101] =======================================================
[ 87.005688][ T5101] JBD2: Ignoring recovery information on journal
[ 87.044304][ T5101] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
executing program
executing program
executing program
executing program
executing program
executing program
[ 89.097814][ T41] ==================================================================
[ 89.100967][ T41] BUG: KASAN: use-after-free in __ocfs2_flush_truncate_log+0x824/0x1250
[ 89.104146][ T41] Read of size 4 at addr ffff888045e6fac0 by task kworker/u4:3/41
[ 89.108285][ T41]
[ 89.109121][ T41] CPU: 0 UID: 0 PID: 41 Comm: kworker/u4:3 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0
[ 89.112922][ T41] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 89.117331][ T41] Workqueue: ocfs2_wq ocfs2_truncate_log_worker
[ 89.119872][ T41] Call Trace:
[ 89.121113][ T41]
[ 89.122261][ T41] dump_stack_lvl+0x241/0x360
[ 89.124130][ T41] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.125882][ T41] ? __pfx__printk+0x10/0x10
[ 89.127938][ T41] ? _printk+0xd5/0x120
[ 89.129427][ T41] ? __virt_addr_valid+0x183/0x530
[ 89.131707][ T41] ? __virt_addr_valid+0x183/0x530
[ 89.134119][ T41] print_report+0x169/0x550
[ 89.136173][ T41] ? __virt_addr_valid+0x183/0x530
[ 89.138110][ T41] ? __virt_addr_valid+0x183/0x530
[ 89.140132][ T41] ? __virt_addr_valid+0x45f/0x530
[ 89.142091][ T41] ? __phys_addr+0xba/0x170
[ 89.143839][ T41] ? __ocfs2_flush_truncate_log+0x824/0x1250
[ 89.146095][ T41] kasan_report+0x143/0x180
[ 89.147763][ T41] ? __ocfs2_flush_truncate_log+0x824/0x1250
[ 89.150032][ T41] __ocfs2_flush_truncate_log+0x824/0x1250
[ 89.152287][ T41] ? __pfx___ocfs2_flush_truncate_log+0x10/0x10
[ 89.154935][ T41] ? down_write+0x18c/0x220
[ 89.156677][ T41] ? __pfx_down_write+0x10/0x10
[ 89.158379][ T41] ? __pfx_lock_acquire+0x10/0x10
[ 89.160092][ T41] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 89.162106][ T41] ocfs2_truncate_log_worker+0xa2/0x1b0
[ 89.164023][ T41] ? __pfx_ocfs2_truncate_log_worker+0x10/0x10
[ 89.166198][ T41] ? process_scheduled_works+0x976/0x1850
[ 89.167999][ T41] process_scheduled_works+0xa63/0x1850
[ 89.170044][ T41] ? __pfx_process_scheduled_works+0x10/0x10
[ 89.172465][ T41] ? assign_work+0x364/0x3d0
[ 89.174279][ T41] worker_thread+0x870/0xd30
[ 89.175957][ T41] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 89.178019][ T41] ? __kthread_parkme+0x169/0x1d0
[ 89.179887][ T41] ? __pfx_worker_thread+0x10/0x10
[ 89.181745][ T41] kthread+0x2f0/0x390
[ 89.183275][ T41] ? __pfx_worker_thread+0x10/0x10
[ 89.185272][ T41] ? __pfx_kthread+0x10/0x10
[ 89.187118][ T41] ret_from_fork+0x4b/0x80
[ 89.188703][ T41] ? __pfx_kthread+0x10/0x10
[ 89.190370][ T41] ret_from_fork_asm+0x1a/0x30
[ 89.192166][ T41]
[ 89.193454][ T41]
[ 89.194409][ T41] The buggy address belongs to the physical page:
[ 89.196969][ T41] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4d pfn:0x45e6f
[ 89.200274][ T41] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 89.202925][ T41] raw: 04fff00000000000 ffffea0001179b88 ffffea0001179c08 0000000000000000
[ 89.206068][ T41] raw: 000000000000004d 0000000000000000 00000000ffffffff 0000000000000000
[ 89.209357][ T41] page dumped because: kasan: bad access detected
[ 89.211914][ T41] page_owner tracks the page as freed
[ 89.214043][ T41] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 5109, tgid 5109 (syz-executor412), ts 88738057363, free_ts 88913146991
[ 89.220585][ T41] post_alloc_hook+0x1f3/0x230
[ 89.222354][ T41] get_page_from_freelist+0x3045/0x3190
[ 89.224385][ T41] __alloc_pages_noprof+0x256/0x6c0
[ 89.226320][ T41] alloc_pages_mpol_noprof+0x3e8/0x680
[ 89.228436][ T41] folio_alloc_mpol_noprof+0x36/0x50
[ 89.230620][ T41] shmem_alloc_and_add_folio+0x49b/0x13d0
[ 89.232927][ T41] shmem_get_folio_gfp+0x5a9/0x20a0
[ 89.234936][ T41] shmem_write_begin+0x17e/0x460
[ 89.236840][ T41] generic_perform_write+0x344/0x6d0
[ 89.238782][ T41] shmem_file_write_iter+0xf9/0x120
[ 89.240644][ T41] vfs_write+0xa6d/0xc90
[ 89.242226][ T41] ksys_write+0x183/0x2b0
[ 89.243873][ T41] do_syscall_64+0xf3/0x230
[ 89.245534][ T41] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.247634][ T41] page last free pid 5109 tgid 5109 stack trace:
[ 89.250078][ T41] free_unref_folios+0xf12/0x18d0
[ 89.252101][ T41] folios_put_refs+0x76c/0x860
[ 89.253969][ T41] shmem_undo_range+0x64c/0x1cf0
[ 89.255972][ T41] shmem_evict_inode+0x29b/0xa80
[ 89.257879][ T41] evict+0x4e8/0x9b0
[ 89.259318][ T41] __dentry_kill+0x20d/0x630
[ 89.261243][ T41] dput+0x19f/0x2b0
[ 89.262673][ T41] __fput+0x5d2/0x880
[ 89.264146][ T41] __x64_sys_close+0x7f/0x110
[ 89.265801][ T41] do_syscall_64+0xf3/0x230
[ 89.267475][ T41] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.269950][ T41]
[ 89.270958][ T41] Memory state around the buggy address:
[ 89.273181][ T41] ffff888045e6f980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.276201][ T41] ffff888045e6fa00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.279237][ T41] >ffff888045e6fa80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.282317][ T41] ^
[ 89.284660][ T41] ffff888045e6fb00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.287709][ T41] ffff888045e6fb80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.290939][ T41] ==================================================================
executing program
[ 89.682014][ T41] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 89.684914][ T41] CPU: 0 UID: 0 PID: 41 Comm: kworker/u4:3 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0
[ 89.688649][ T41] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 89.692706][ T41] Workqueue: ocfs2_wq ocfs2_truncate_log_worker
[ 89.694823][ T41] Call Trace:
[ 89.696114][ T41]
[ 89.697186][ T41] dump_stack_lvl+0x241/0x360
[ 89.699031][ T41] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.701195][ T41] ? __pfx__printk+0x10/0x10
[ 89.702754][ T41] ? preempt_schedule+0xe1/0xf0
[ 89.704373][ T41] ? vscnprintf+0x5d/0x90
[ 89.705702][ T41] panic+0x349/0x880
[ 89.707017][ T41] ? check_panic_on_warn+0x21/0xb0
[ 89.708825][ T41] ? __pfx_panic+0x10/0x10
[ 89.710505][ T41] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 89.712678][ T41] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 89.714914][ T41] ? print_report+0x502/0x550
[ 89.716658][ T41] check_panic_on_warn+0x86/0xb0
[ 89.718428][ T41] ? __ocfs2_flush_truncate_log+0x824/0x1250
[ 89.720461][ T41] end_report+0x77/0x160
[ 89.721852][ T41] kasan_report+0x154/0x180
[ 89.723377][ T41] ? __ocfs2_flush_truncate_log+0x824/0x1250
[ 89.725696][ T41] __ocfs2_flush_truncate_log+0x824/0x1250
[ 89.727960][ T41] ? __pfx___ocfs2_flush_truncate_log+0x10/0x10
[ 89.730592][ T41] ? down_write+0x18c/0x220
[ 89.732526][ T41] ? __pfx_down_write+0x10/0x10
[ 89.734567][ T41] ? __pfx_lock_acquire+0x10/0x10
[ 89.736553][ T41] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 89.738742][ T41] ocfs2_truncate_log_worker+0xa2/0x1b0
[ 89.740899][ T41] ? __pfx_ocfs2_truncate_log_worker+0x10/0x10
[ 89.743205][ T41] ? process_scheduled_works+0x976/0x1850
[ 89.745549][ T41] process_scheduled_works+0xa63/0x1850
[ 89.747984][ T41] ? __pfx_process_scheduled_works+0x10/0x10
[ 89.750365][ T41] ? assign_work+0x364/0x3d0
[ 89.752121][ T41] worker_thread+0x870/0xd30
[ 89.753652][ T41] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 89.755842][ T41] ? __kthread_parkme+0x169/0x1d0
[ 89.757836][ T41] ? __pfx_worker_thread+0x10/0x10
[ 89.759912][ T41] kthread+0x2f0/0x390
[ 89.761402][ T41] ? __pfx_worker_thread+0x10/0x10
[ 89.763175][ T41] ? __pfx_kthread+0x10/0x10
[ 89.765234][ T41] ret_from_fork+0x4b/0x80
[ 89.767036][ T41] ? __pfx_kthread+0x10/0x10
[ 89.768732][ T41] ret_from_fork_asm+0x1a/0x30
[ 89.770534][ T41]
[ 89.772053][ T41] Kernel Offset: disabled
[ 89.773758][ T41] Rebooting in 86400 seconds..
VM DIAGNOSIS:
20:38:38 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000061 RBX=ffffffff9a6fbde0 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=0000000000000000 RSP=ffffc900005bf0f0
R8 =ffffffff85486a8b R9 =1ffff1100661f046 R10=dffffc0000000000 R11=ffffffff85486a40
R12=dffffc0000000000 R13=ffffffff9a3f6f0a R14=0000000000000061 R15=00000000000003f8
RIP=ffffffff85486abe RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88801fc00000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f2ca17fe000 CR3=0000000040d3c000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01