Warning: Permanently added '10.128.15.194' (ED25519) to the list of known hosts.
2025/02/03 02:01:58 ignoring optional flag "sandboxArg"="0"
2025/02/03 02:01:59 parsed 1 programs
[   72.985347][ T2029] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
2025/02/03 02:02:09 executed programs: 0
[   82.917309][ T2524] loop0: detected capacity change from 0 to 32768
[   82.930634][ T2524] ==================================================================
[   82.938743][ T2524] BUG: KASAN: use-after-free in __ocfs2_find_path+0x172/0x760
[   82.946209][ T2524] Read of size 4 at addr ffff88806b038000 by task syz.0.15/2524
[   82.953827][ T2524] 
[   82.956148][ T2524] CPU: 1 PID: 2524 Comm: syz.0.15 Not tainted 6.1.128-syzkaller #0
[   82.964033][ T2524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   82.974090][ T2524] Call Trace:
[   82.977360][ T2524]  <TASK>
[   82.980307][ T2524]  dump_stack_lvl+0x163/0x213
[   82.984979][ T2524]  ? nf_tcp_handle_invalid+0x2f3/0x2f3
[   82.990446][ T2524]  ? panic+0x495/0x495
[   82.994496][ T2524]  ? _printk+0xca/0x10a
[   82.998687][ T2524]  ? __virt_addr_valid+0x134/0x330
[   83.003787][ T2524]  print_report+0x15f/0x4f0
[   83.008536][ T2524]  ? __virt_addr_valid+0x134/0x330
[   83.013666][ T2524]  ? __virt_addr_valid+0x2df/0x330
[   83.018762][ T2524]  ? __ocfs2_find_path+0x172/0x760
[   83.023878][ T2524]  kasan_report+0x136/0x160
[   83.028377][ T2524]  ? __ocfs2_find_path+0x172/0x760
[   83.033476][ T2524]  __ocfs2_find_path+0x172/0x760
[   83.038397][ T2524]  ? ocfs2_find_leaf+0x1e0/0x1e0
[   83.043318][ T2524]  ? ocfs2_find_path+0x120/0x120
[   83.048240][ T2524]  ? ocfs2_refresh_inode+0x9b0/0x9b0
[   83.053550][ T2524]  ocfs2_find_leaf+0xc0/0x1e0
[   83.058247][ T2524]  ? find_path_ins+0x150/0x150
[   83.062997][ T2524]  ? ocfs2_refresh_inode+0x9b0/0x9b0
[   83.068354][ T2524]  ocfs2_get_clusters_nocache+0x194/0xa20
[   83.074053][ T2524]  ? ocfs2_get_clusters+0xde0/0xde0
[   83.079247][ T2524]  ? ocfs2_read_inode_block+0x100/0x1c0
[   83.084773][ T2524]  ? ocfs2_read_inode_block_full+0x1c0/0x1c0
[   83.090906][ T2524]  ? do_raw_spin_unlock+0x137/0x8a0
[   83.096085][ T2524]  ocfs2_get_clusters+0x754/0xde0
[   83.101092][ T2524]  ? noop_count+0x30/0x30
[   83.105405][ T2524]  ? ocfs2_xattr_get_clusters+0x8c0/0x8c0
[   83.111109][ T2524]  ? graph_lock+0x128/0x470
[   83.115706][ T2524]  ? down_read+0x8fd/0xba0
[   83.120105][ T2524]  ocfs2_extent_map_get_blocks+0x182/0x640
[   83.125903][ T2524]  ? ocfs2_get_clusters_nocache+0xa20/0xa20
[   83.131774][ T2524]  ? __lock_acquire+0x2ad4/0x7110
[   83.136791][ T2524]  ocfs2_read_virt_blocks+0x257/0x780
[   83.142168][ T2524]  ? ocfs2_validate_dx_leaf+0x1c0/0x1c0
[   83.147705][ T2524]  ? ocfs2_seek_data_hole_offset+0xb90/0xb90
[   83.153758][ T2524]  ? verify_lock_unused+0x140/0x140
[   83.159040][ T2524]  ? __schedule+0x13de/0x3f20
[   83.163701][ T2524]  ocfs2_find_entry+0x3b1/0x1e80
[   83.168623][ T2524]  ? ocfs2_free_dir_lookup_result+0xc0/0xc0
[   83.174510][ T2524]  ? ocfs2_inode_lock_res_init+0x2c0/0x2c0
[   83.180388][ T2524]  ? read_lock_is_recursive+0x10/0x10
[   83.185741][ T2524]  ? vsnprintf+0x1970/0x1970
[   83.190319][ T2524]  ? rcu_is_watching+0x1b/0x90
[   83.195062][ T2524]  ? vsnprintf+0xb6e/0x1970
[   83.199545][ T2524]  ocfs2_find_files_on_disk+0x8c/0x200
[   83.204990][ T2524]  ocfs2_lookup_ino_from_name+0xa8/0x190
[   83.210603][ T2524]  ? ocfs2_find_files_on_disk+0x200/0x200
[   83.216405][ T2524]  ? __stack_depot_save+0x346/0x460
[   83.221673][ T2524]  ocfs2_get_system_file_inode+0x3da/0x660
[   83.227545][ T2524]  ? mount_bdev+0x26b/0x340
[   83.232029][ T2524]  ? do_syscall_64+0x3b/0x80
[   83.236710][ T2524]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   83.242760][ T2524]  ? ocfs2_fast_symlink_read_folio+0x430/0x430
[   83.248898][ T2524]  ocfs2_init_global_system_inodes+0x275/0x560
[   83.255036][ T2524]  ? trace_ocfs2_initialize_super+0x100/0x100
[   83.261084][ T2524]  ? __kasan_kmalloc+0x97/0xb0
[   83.265832][ T2524]  ? ocfs2_new_dlm_debug+0xa7/0x1e0
[   83.271114][ T2524]  ? ocfs2_put_dlm_debug+0x40/0x40
[   83.276230][ T2524]  ocfs2_fill_super+0x37dd/0x4aa0
[   83.281247][ T2524]  ? static_obj+0xe0/0xe0
[   83.285569][ T2524]  ? ocfs2_mount+0x10/0x10
[   83.289971][ T2524]  ? __lock_acquire+0x2ad4/0x7110
[   83.294982][ T2524]  ? verify_lock_unused+0x140/0x140
[   83.300161][ T2524]  ? __lock_acquire+0xfa4/0x7110
[   83.305081][ T2524]  ? verify_lock_unused+0x140/0x140
[   83.310335][ T2524]  ? verify_lock_unused+0x140/0x140
[   83.315555][ T2524]  ? read_lock_is_recursive+0x10/0x10
[   83.321026][ T2524]  ? __stack_depot_save+0x346/0x460
[   83.326382][ T2524]  ? reacquire_held_locks+0x3a8/0x590
[   83.331743][ T2524]  ? alloc_super+0x1e0/0x8a0
[   83.336403][ T2524]  ? bdev_name+0x181/0x300
[   83.340804][ T2524]  ? pointer+0x1d3/0xc90
[   83.345028][ T2524]  ? string+0x240/0x240
[   83.349170][ T2524]  ? vsnprintf+0x1970/0x1970
[   83.353830][ T2524]  ? ptr_to_hashval+0x50/0x50
[   83.358657][ T2524]  ? rwsem_write_trylock+0x15e/0x200
[   83.363944][ T2524]  ? mount_bdev+0xe8/0x340
[   83.368343][ T2524]  ? snprintf+0xcc/0x110
[   83.372563][ T2524]  ? __up_read+0x360/0x360
[   83.376962][ T2524]  ? vscnprintf+0x30/0x30
[   83.381272][ T2524]  ? mount_bdev+0x340/0x340
[   83.385761][ T2524]  mount_bdev+0x26b/0x340
[   83.390075][ T2524]  ? ocfs2_mount+0x10/0x10
[   83.394472][ T2524]  legacy_get_tree+0xe5/0x170
[   83.399136][ T2524]  ? trace_raw_output_ocfs2_buffer_cached_end+0xd0/0xd0
[   83.406341][ T2524]  vfs_get_tree+0x7a/0x170
[   83.410745][ T2524]  do_new_mount+0x21a/0x910
[   83.415230][ T2524]  ? do_move_mount_old+0x120/0x120
[   83.420326][ T2524]  __se_sys_mount+0x22e/0x2c0
[   83.424983][ T2524]  ? print_irqtrace_events+0x210/0x210
[   83.430425][ T2524]  ? __x64_sys_mount+0xc0/0xc0
[   83.435177][ T2524]  ? syscall_enter_from_user_mode+0x2e/0x200
[   83.441140][ T2524]  ? lockdep_hardirqs_on+0x94/0xf0
[   83.446321][ T2524]  ? syscall_enter_from_user_mode+0x2e/0x200
[   83.452453][ T2524]  do_syscall_64+0x3b/0x80
[   83.456859][ T2524]  ? clear_bhb_loop+0x45/0xa0
[   83.461513][ T2524]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   83.467418][ T2524] RIP: 0033:0x7fb093b7f79a
[   83.471818][ T2524] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   83.491421][ T2524] RSP: 002b:00007fb094a07e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   83.499823][ T2524] RAX: ffffffffffffffda RBX: 00007fb094a07ef0 RCX: 00007fb093b7f79a
[   83.507777][ T2524] RDX: 0000000020004440 RSI: 0000000020000780 RDI: 00007fb094a07eb0
[   83.515819][ T2524] RBP: 0000000020004440 R08: 00007fb094a07ef0 R09: 0000000001000000
[   83.523780][ T2524] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020000780
[   83.531736][ T2524] R13: 00007fb094a07eb0 R14: 000000000000444a R15: 00000000200005c0
[   83.539739][ T2524]  </TASK>
[   83.542763][ T2524] 
[   83.545076][ T2524] The buggy address belongs to the physical page:
[   83.551516][ T2524] page:ffffea0001ac0e00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6b038
[   83.561683][ T2524] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   83.568789][ T2524] raw: 00fff00000000000 ffffea0001ac5588 ffffea0001ac0b08 0000000000000000
[   83.577355][ T2524] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   83.585920][ T2524] page dumped because: kasan: bad access detected
[   83.592323][ T2524] page_owner tracks the page as freed
[   83.597677][ T2524] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 2271, tgid 2271 (modprobe), ts 77970589247, free_ts 77973871067
[   83.615987][ T2524]  post_alloc_hook+0x286/0x2b0
[   83.620755][ T2524]  get_page_from_freelist+0x340b/0x35b0
[   83.626367][ T2524]  __alloc_pages+0x251/0x640
[   83.631031][ T2524]  __folio_alloc+0xf/0x30
[   83.635340][ T2524]  vma_alloc_folio+0x484/0x9e0
[   83.640083][ T2524]  handle_mm_fault+0x2462/0x40a0
[   83.645010][ T2524]  exc_page_fault+0x279/0x5f0
[   83.649702][ T2524]  asm_exc_page_fault+0x22/0x30
[   83.654532][ T2524] page last free stack trace:
[   83.659183][ T2524]  free_unref_page_prepare+0x10b7/0x13b0
[   83.664798][ T2524]  free_unref_page_list+0x54b/0x7e0
[   83.670066][ T2524]  release_pages+0x1c13/0x1dc0
[   83.674807][ T2524]  tlb_flush_mmu+0xe5/0x1d0
[   83.679287][ T2524]  tlb_finish_mmu+0xb0/0x1b0
[   83.683864][ T2524]  exit_mmap+0x330/0x6f0
[   83.688178][ T2524]  __mmput+0x9b/0x2e0
[   83.692140][ T2524]  exit_mm+0x1ea/0x290
[   83.696200][ T2524]  do_exit+0x819/0x23a0
[   83.700334][ T2524]  do_group_exit+0x1b5/0x280
[   83.704905][ T2524]  __x64_sys_exit_group+0x3b/0x40
[   83.709912][ T2524]  do_syscall_64+0x3b/0x80
[   83.714325][ T2524]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   83.720198][ T2524] 
[   83.722507][ T2524] Memory state around the buggy address:
[   83.728120][ T2524]  ffff88806b037f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   83.736161][ T2524]  ffff88806b037f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   83.744384][ T2524] >ffff88806b038000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   83.752420][ T2524]                    ^
[   83.756470][ T2524]  ffff88806b038080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   83.764515][ T2524]  ffff88806b038100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   83.772694][ T2524] ==================================================================
[   83.786873][ T2524] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   83.794429][ T2524] Kernel Offset: disabled
[   83.798789][ T2524] Rebooting in 86400 seconds..