Warning: Permanently added '10.128.1.106' (ED25519) to the list of known hosts.
2024/10/20 20:10:29 ignoring optional flag "sandboxArg"="0"
2024/10/20 20:10:30 parsed 1 programs
[   92.730771][ T5630] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   95.982714][ T5669] chnl_net:caif_netlink_parms(): no params data found
[   96.051414][ T5669] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.059533][ T5669] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.067510][ T5669] bridge_slave_0: entered allmulticast mode
[   96.075408][ T5669] bridge_slave_0: entered promiscuous mode
[   96.095024][ T5669] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.102361][ T5669] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.109872][ T5669] bridge_slave_1: entered allmulticast mode
[   96.116901][ T5669] bridge_slave_1: entered promiscuous mode
[   96.138312][ T5669] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   96.151857][ T5669] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.181270][ T5669] team0: Port device team_slave_0 added
[   96.191163][ T5669] team0: Port device team_slave_1 added
[   96.212864][ T5669] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.219980][ T5669] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.245973][ T5669] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.257715][ T5669] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.264842][ T5669] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.291239][ T5669] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.319011][ T5669] hsr_slave_0: entered promiscuous mode
[   96.325280][ T5669] hsr_slave_1: entered promiscuous mode
[   96.811230][ T5669] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   96.821554][ T5669] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   96.831132][ T5669] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   96.841469][ T5669] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   96.865098][ T5669] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.872303][ T5669] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.880341][ T5669] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.887556][ T5669] bridge0: port 1(bridge_slave_0) entered forwarding state
[   96.899284][ T3016] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.907394][ T3016] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.969955][ T5669] 8021q: adding VLAN 0 to HW filter on device bond0
[   96.992034][ T5669] 8021q: adding VLAN 0 to HW filter on device team0
[   97.004446][   T62] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.011811][   T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.028328][   T62] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.035519][   T62] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.233975][ T5669] 8021q: adding VLAN 0 to HW filter on device batadv0
[   97.278609][ T5669] veth0_vlan: entered promiscuous mode
[   97.295368][ T5669] veth1_vlan: entered promiscuous mode
[   97.332042][ T5669] veth0_macvtap: entered promiscuous mode
[   97.345127][ T5669] veth1_macvtap: entered promiscuous mode
[   97.366334][ T5669] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.384271][ T5669] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.396900][ T5669] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.408437][ T5669] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.417615][ T5669] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.429971][ T5669] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.581456][   T62] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.676612][   T62] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.698569][ T3016] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.717009][ T3016] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.756068][   T62] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.780091][ T3063] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.789743][ T3063] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.835195][   T62] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.381850][ T4614] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   98.391537][ T4614] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   98.405554][ T4614] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   98.420432][ T4614] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   98.428060][ T4614] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   98.437002][ T4614] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2024/10/20 20:10:40 executed programs: 0
[   99.318708][ T5306] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   99.330695][ T5306] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   99.343854][ T5306] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   99.387924][ T5306] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   99.396321][ T5306] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   99.404210][ T5306] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   99.573640][ T5834] chnl_net:caif_netlink_parms(): no params data found
[   99.663118][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.671873][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.683225][ T5834] bridge_slave_0: entered allmulticast mode
[   99.692745][ T5834] bridge_slave_0: entered promiscuous mode
[   99.702340][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.710763][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.718000][ T5834] bridge_slave_1: entered allmulticast mode
[   99.727166][ T5834] bridge_slave_1: entered promiscuous mode
[   99.762130][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.776619][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.814435][ T5834] team0: Port device team_slave_0 added
[   99.823869][ T5834] team0: Port device team_slave_1 added
[   99.853168][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.861636][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.891032][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.903879][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.913718][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.943529][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.986717][ T5834] hsr_slave_0: entered promiscuous mode
[   99.993840][ T5834] hsr_slave_1: entered promiscuous mode
[  100.003123][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  100.011331][ T5834] Cannot create hsr debugfs directory
[  100.294146][   T62] bridge_slave_1: left allmulticast mode
[  100.305283][   T62] bridge_slave_1: left promiscuous mode
[  100.312223][   T62] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.325938][   T62] bridge_slave_0: left allmulticast mode
[  100.332175][   T62] bridge_slave_0: left promiscuous mode
[  100.337919][   T62] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.713040][   T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  100.726837][   T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  100.738606][   T62] bond0 (unregistering): Released all slaves
[  100.854807][   T62] hsr_slave_0: left promiscuous mode
[  100.861213][   T62] hsr_slave_1: left promiscuous mode
[  100.872432][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  100.881201][   T62] batman_adv: batadv0: Removing interface: batadv_slave_0
[  100.891926][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  100.899939][   T62] batman_adv: batadv0: Removing interface: batadv_slave_1
[  100.926910][   T62] veth1_macvtap: left promiscuous mode
[  100.932618][   T62] veth0_macvtap: left promiscuous mode
[  100.938232][   T62] veth1_vlan: left promiscuous mode
[  100.945186][   T62] veth0_vlan: left promiscuous mode
[  101.268534][   T62] team0 (unregistering): Port device team_slave_1 removed
[  101.297617][   T62] team0 (unregistering): Port device team_slave_0 removed
[  101.449655][ T5306] Bluetooth: hci0: command tx timeout
[  101.840949][ T5834] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  101.851208][ T5834] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  101.862569][ T5834] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  101.881694][ T5834] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  102.204774][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.236983][ T5834] 8021q: adding VLAN 0 to HW filter on device team0
[  102.271580][ T3063] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.278713][ T3063] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.301009][ T3063] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.308142][ T3063] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.454764][ T5834] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  102.708699][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0
[  102.787474][ T5834] veth0_vlan: entered promiscuous mode
[  102.821548][ T5834] veth1_vlan: entered promiscuous mode
[  102.877005][ T5834] veth0_macvtap: entered promiscuous mode
[  102.901105][ T5834] veth1_macvtap: entered promiscuous mode
[  102.932732][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.961568][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.975036][ T5834] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.984710][ T5834] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.994858][ T5834] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.004971][ T5834] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.073945][ T2906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.086541][ T2906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.114401][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.123020][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.501351][ T5973] loop0: detected capacity change from 0 to 32768
[  103.520196][ T5973] (syz.0.15,5973,1):ocfs2_read_blocks:239 ERROR: status = -12
[  103.527945][ T5973] (syz.0.15,5973,1):__ocfs2_find_path:1844 ERROR: status = -12
[  103.536429][ T5306] Bluetooth: hci0: command tx timeout
[  103.546148][ T5973] (syz.0.15,5973,1):ocfs2_find_leaf:1940 ERROR: status = -12
[  103.554096][ T5973] (syz.0.15,5973,1):ocfs2_get_clusters_nocache:421 ERROR: status = -12
[  103.564163][ T5973] (syz.0.15,5973,1):ocfs2_get_clusters:624 ERROR: status = -12
[  103.572075][ T5973] (syz.0.15,5973,1):ocfs2_extent_map_get_blocks:671 ERROR: status = -12
[  103.581953][ T5973] (syz.0.15,5973,1):ocfs2_read_virt_blocks:987 ERROR: status = -12
[  103.591329][ T5973] (syz.0.15,5973,1):ocfs2_read_dir_block:511 ERROR: status = -12
[  103.601135][ T5973] (syz.0.15,5973,1):ocfs2_init_global_system_inodes:461 ERROR: status = -22
[  103.614188][ T5973] (syz.0.15,5973,1):ocfs2_init_global_system_inodes:463 ERROR: Unable to load system inode 1, possibly corrupt fs?
[  103.614223][ T5973] (syz.0.15,5973,1):ocfs2_init_global_system_inodes:472 ERROR: status = -22
[  103.637674][ T5973] (syz.0.15,5973,1):ocfs2_initialize_super:2250 ERROR: status = -22
[  103.646204][ T5973] (syz.0.15,5973,1):ocfs2_fill_super:1178 ERROR: status = -22
[  104.106884][ T5999] loop0: detected capacity change from 0 to 32768
[  104.131117][ T5999] OCFS2: ERROR (device loop0): int ocfs2_validate_extent_block(struct super_block *, struct buffer_head *): Extent block #422 has bad signature 
[  104.147899][ T5999] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  104.159416][ T5999] OCFS2: File system is now read-only.
[  104.165111][ T5999] (syz.0.16,5999,1):__ocfs2_find_path:1844 ERROR: status = -30
[  104.181072][ T5999] (syz.0.16,5999,1):ocfs2_find_leaf:1940 ERROR: status = -30
[  104.188509][ T5999] (syz.0.16,5999,1):ocfs2_get_clusters_nocache:421 ERROR: status = -30
[  104.200192][ T5999] (syz.0.16,5999,1):ocfs2_get_clusters:624 ERROR: status = -30
[  104.208154][ T5999] (syz.0.16,5999,1):ocfs2_extent_map_get_blocks:671 ERROR: status = -30
[  104.217677][ T5999] (syz.0.16,5999,1):ocfs2_read_virt_blocks:987 ERROR: status = -30
[  104.226345][ T5999] (syz.0.16,5999,1):ocfs2_read_dir_block:511 ERROR: status = -30
[  104.235643][ T5999] (syz.0.16,5999,1):ocfs2_init_global_system_inodes:461 ERROR: status = -30
[  104.245910][ T5999] (syz.0.16,5999,1):ocfs2_init_global_system_inodes:463 ERROR: Unable to load system inode 1, possibly corrupt fs?
[  104.245945][ T5999] (syz.0.16,5999,1):ocfs2_init_global_system_inodes:472 ERROR: status = -30
[  104.270547][ T5999] (syz.0.16,5999,1):ocfs2_initialize_super:2250 ERROR: status = -30
[  104.278642][ T5999] (syz.0.16,5999,1):ocfs2_fill_super:1178 ERROR: status = -30
2024/10/20 20:10:45 executed programs: 4
[  104.725600][ T6024] loop0: detected capacity change from 0 to 32768
[  104.743826][ T6024] ==================================================================
[  104.751938][ T6024] BUG: KASAN: use-after-free in __ocfs2_find_path+0x203/0x7e0
[  104.759445][ T6024] Read of size 4 at addr ffff888071ab4000 by task syz.0.17/6024
[  104.767268][ T6024] 
[  104.769718][ T6024] CPU: 1 UID: 0 PID: 6024 Comm: syz.0.17 Not tainted 6.12.0-rc3-syzkaller-00454-gdb87114dcf13 #0
[  104.780222][ T6024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  104.790277][ T6024] Call Trace:
[  104.793598][ T6024]  <TASK>
[  104.796544][ T6024]  dump_stack_lvl+0x241/0x360
[  104.801244][ T6024]  ? __pfx_dump_stack_lvl+0x10/0x10
[  104.806472][ T6024]  ? __pfx__printk+0x10/0x10
[  104.811069][ T6024]  ? _printk+0xd5/0x120
[  104.815280][ T6024]  ? __virt_addr_valid+0x183/0x530
[  104.820419][ T6024]  ? __virt_addr_valid+0x183/0x530
[  104.825556][ T6024]  print_report+0x169/0x550
[  104.830163][ T6024]  ? __virt_addr_valid+0x183/0x530
[  104.835281][ T6024]  ? __virt_addr_valid+0x183/0x530
[  104.840410][ T6024]  ? __virt_addr_valid+0x45f/0x530
[  104.845523][ T6024]  ? __phys_addr+0xba/0x170
[  104.850015][ T6024]  ? __ocfs2_find_path+0x203/0x7e0
[  104.855120][ T6024]  kasan_report+0x143/0x180
[  104.859708][ T6024]  ? __ocfs2_find_path+0x203/0x7e0
[  104.864826][ T6024]  __ocfs2_find_path+0x203/0x7e0
[  104.869847][ T6024]  ? __pfx_find_leaf_ins+0x10/0x10
[  104.874980][ T6024]  ? __pfx___ocfs2_find_path+0x10/0x10
[  104.880430][ T6024]  ? __pfx_ocfs2_validate_inode_block+0x10/0x10
[  104.886666][ T6024]  ocfs2_find_leaf+0xcf/0x230
[  104.891339][ T6024]  ? __pfx_ocfs2_find_leaf+0x10/0x10
[  104.896642][ T6024]  ? __pfx_ocfs2_validate_inode_block+0x10/0x10
[  104.902892][ T6024]  ocfs2_get_clusters_nocache+0x1ad/0xbf0
[  104.908601][ T6024]  ? __pfx_ocfs2_get_clusters_nocache+0x10/0x10
[  104.914838][ T6024]  ? ocfs2_read_inode_block+0x14c/0x1e0
[  104.920376][ T6024]  ? __pfx_ocfs2_read_inode_block+0x10/0x10
[  104.926258][ T6024]  ? do_raw_spin_unlock+0x13c/0x8b0
[  104.931455][ T6024]  ocfs2_get_clusters+0x5bd/0xbd0
[  104.936494][ T6024]  ? __pfx_ocfs2_get_clusters+0x10/0x10
[  104.942033][ T6024]  ? mark_lock+0x9a/0x360
[  104.946353][ T6024]  ? __pfx_lock_acquire+0x10/0x10
[  104.951370][ T6024]  ? validate_chain+0x11e/0x5920
[  104.956335][ T6024]  ocfs2_extent_map_get_blocks+0x24c/0x7d0
[  104.962221][ T6024]  ? __pfx_ocfs2_extent_map_get_blocks+0x10/0x10
[  104.968542][ T6024]  ocfs2_read_virt_blocks+0x313/0xb20
[  104.974086][ T6024]  ? do_raw_spin_unlock+0x13c/0x8b0
[  104.979284][ T6024]  ? __pfx_ocfs2_validate_dir_block+0x10/0x10
[  104.985344][ T6024]  ? __pfx_ocfs2_read_virt_blocks+0x10/0x10
[  104.991317][ T6024]  ? __lock_acquire+0x1384/0x2050
[  104.996334][ T6024]  ? __pfx_validate_chain+0x10/0x10
[  105.001611][ T6024]  ocfs2_find_entry+0x43b/0x2780
[  105.006660][ T6024]  ? __pfx_ocfs2_find_entry+0x10/0x10
[  105.012025][ T6024]  ? __asan_memset+0x23/0x50
[  105.016695][ T6024]  ? lockdep_init_map_type+0xa1/0x910
[  105.022064][ T6024]  ? __pfx_register_lock_class+0x10/0x10
[  105.027701][ T6024]  ? mark_lock+0x9a/0x360
[  105.032025][ T6024]  ? __lock_acquire+0x1384/0x2050
[  105.037394][ T6024]  ? format_decode+0xc5f/0x1bb0
[  105.042248][ T6024]  ? __pfx_format_decode+0x10/0x10
[  105.047348][ T6024]  ? string+0x26a/0x2b0
[  105.051490][ T6024]  ? widen_string+0x3a/0x310
[  105.056171][ T6024]  ? string+0x26a/0x2b0
[  105.060320][ T6024]  ? vsnprintf+0x1ccd/0x1da0
[  105.064909][ T6024]  ocfs2_find_files_on_disk+0xff/0x360
[  105.070369][ T6024]  ocfs2_lookup_ino_from_name+0xb1/0x1e0
[  105.076300][ T6024]  ? __pfx_ocfs2_lookup_ino_from_name+0x10/0x10
[  105.082564][ T6024]  ? kasan_save_track+0x51/0x80
[  105.087434][ T6024]  ? kasan_save_track+0x3f/0x80
[  105.092307][ T6024]  ? __kasan_kmalloc+0x98/0xb0
[  105.097434][ T6024]  ? ocfs2_new_dlm_debug+0x97/0x200
[  105.102634][ T6024]  ocfs2_get_system_file_inode+0x305/0x7b0
[  105.108523][ T6024]  ? __pfx_ocfs2_get_system_file_inode+0x10/0x10
[  105.114864][ T6024]  ocfs2_init_global_system_inodes+0x32c/0x730
[  105.121104][ T6024]  ? __pfx_ocfs2_init_global_system_inodes+0x10/0x10
[  105.127777][ T6024]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  105.133403][ T6024]  ? ocfs2_new_dlm_debug+0xb5/0x200
[  105.138619][ T6024]  ? __pfx_ocfs2_new_dlm_debug+0x10/0x10
[  105.144245][ T6024]  ? rcu_is_watching+0x15/0xb0
[  105.149000][ T6024]  ? trace_ocfs2_initialize_super+0x9e/0x230
[  105.154968][ T6024]  ocfs2_fill_super+0x2f47/0x5750
[  105.160019][ T6024]  ? __pfx_ocfs2_fill_super+0x10/0x10
[  105.165382][ T6024]  ? __pfx_validate_chain+0x10/0x10
[  105.170577][ T6024]  ? __pfx_validate_chain+0x10/0x10
[  105.175871][ T6024]  ? preempt_count_add+0x93/0x190
[  105.180993][ T6024]  ? __pfx_validate_chain+0x10/0x10
[  105.186219][ T6024]  ? mark_lock+0x9a/0x360
[  105.190544][ T6024]  ? __lock_acquire+0x1384/0x2050
[  105.195584][ T6024]  ? validate_chain+0x11e/0x5920
[  105.200527][ T6024]  ? __lock_acquire+0x1384/0x2050
[  105.205631][ T6024]  ? __pfx_validate_chain+0x10/0x10
[  105.210824][ T6024]  ? string+0x26a/0x2b0
[  105.214970][ T6024]  ? widen_string+0x3a/0x310
[  105.219553][ T6024]  ? string+0x26a/0x2b0
[  105.223700][ T6024]  ? bdev_name+0x2b1/0x3c0
[  105.228155][ T6024]  ? pointer+0x703/0x1210
[  105.232479][ T6024]  ? __pfx_pointer+0x10/0x10
[  105.237067][ T6024]  ? __pfx_format_decode+0x10/0x10
[  105.242177][ T6024]  ? __lock_acquire+0x1384/0x2050
[  105.247196][ T6024]  ? vsnprintf+0x1ccd/0x1da0
[  105.251785][ T6024]  ? snprintf+0xda/0x120
[  105.256038][ T6024]  ? __pfx_lock_release+0x10/0x10
[  105.261166][ T6024]  ? do_raw_spin_lock+0x14f/0x370
[  105.266396][ T6024]  ? __pfx_snprintf+0x10/0x10
[  105.271171][ T6024]  ? set_blocksize+0x1f9/0x360
[  105.275925][ T6024]  ? sb_set_blocksize+0x98/0xf0
[  105.280767][ T6024]  ? setup_bdev_super+0x4e6/0x5d0
[  105.285784][ T6024]  mount_bdev+0x20a/0x2d0
[  105.290108][ T6024]  ? __pfx_ocfs2_fill_super+0x10/0x10
[  105.295493][ T6024]  ? __pfx_mount_bdev+0x10/0x10
[  105.300769][ T6024]  ? vfs_parse_fs_string+0x190/0x230
[  105.306056][ T6024]  ? __pfx_vfs_parse_fs_string+0x10/0x10
[  105.311919][ T6024]  legacy_get_tree+0xee/0x190
[  105.316604][ T6024]  ? __pfx_ocfs2_mount+0x10/0x10
[  105.321626][ T6024]  vfs_get_tree+0x90/0x2b0
[  105.326038][ T6024]  do_new_mount+0x2be/0xb40
[  105.330643][ T6024]  ? __pfx_do_new_mount+0x10/0x10
[  105.335677][ T6024]  __se_sys_mount+0x2d6/0x3c0
[  105.340351][ T6024]  ? __pfx___se_sys_mount+0x10/0x10
[  105.345543][ T6024]  ? exc_page_fault+0x590/0x8c0
[  105.350401][ T6024]  ? __x64_sys_mount+0x20/0xc0
[  105.355155][ T6024]  do_syscall_64+0xf3/0x230
[  105.359651][ T6024]  ? clear_bhb_loop+0x35/0x90
[  105.364317][ T6024]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.370583][ T6024] RIP: 0033:0x7f601b77f79a
[  105.375003][ T6024] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  105.394605][ T6024] RSP: 002b:00007f601c617e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  105.403108][ T6024] RAX: ffffffffffffffda RBX: 00007f601c617ef0 RCX: 00007f601b77f79a
[  105.411123][ T6024] RDX: 0000000020004440 RSI: 0000000020000780 RDI: 00007f601c617eb0
[  105.419082][ T6024] RBP: 0000000020004440 R08: 00007f601c617ef0 R09: 0000000001000000
[  105.427043][ T6024] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020000780
[  105.435008][ T6024] R13: 00007f601c617eb0 R14: 000000000000444a R15: 00000000200005c0
[  105.442975][ T6024]  </TASK>
[  105.445982][ T6024] 
[  105.448290][ T6024] The buggy address belongs to the physical page:
[  105.454705][ T6024] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfe pfn:0x71ab4
[  105.463644][ T6024] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  105.470766][ T6024] page_type: f0(buddy)
[  105.474841][ T6024] raw: 00fff00000000000 ffffea00016d9b08 ffffea00016e2988 0000000000000000
[  105.483412][ T6024] raw: 00000000000000fe 0000000000000001 00000000f0000000 0000000000000000
[  105.492000][ T6024] page dumped because: kasan: bad access detected
[  105.498491][ T6024] page_owner tracks the page as freed
[  105.503869][ T6024] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 5999, tgid 5998 (syz.0.16), ts 103930005743, free_ts 104296275746
[  105.521478][ T6024]  post_alloc_hook+0x1f3/0x230
[  105.526236][ T6024]  get_page_from_freelist+0x3039/0x3180
[  105.531776][ T6024]  __alloc_pages_noprof+0x292/0x710
[  105.536999][ T6024]  alloc_pages_mpol_noprof+0x3e8/0x680
[  105.542627][ T6024]  folio_alloc_mpol_noprof+0x36/0x50
[  105.547980][ T6024]  shmem_alloc_and_add_folio+0x49b/0x13d0
[  105.553859][ T6024]  shmem_get_folio_gfp+0x5a9/0x20a0
[  105.559169][ T6024]  shmem_write_begin+0x17e/0x460
[  105.564194][ T6024]  generic_perform_write+0x344/0x6d0
[  105.569476][ T6024]  shmem_file_write_iter+0xf9/0x120
[  105.574666][ T6024]  vfs_write+0xa6d/0xc90
[  105.578899][ T6024]  ksys_write+0x183/0x2b0
[  105.583217][ T6024]  do_syscall_64+0xf3/0x230
[  105.587710][ T6024]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.593615][ T6024] page last free pid 5999 tgid 5998 stack trace:
[  105.599933][ T6024]  free_unref_folios+0xee2/0x18a0
[  105.604953][ T6024]  folios_put_refs+0x76c/0x860
[  105.609705][ T6024]  shmem_undo_range+0x64c/0x1cf0
[  105.614658][ T6024]  shmem_evict_inode+0x29b/0xa80
[  105.619670][ T6024]  evict+0x4e8/0x9b0
[  105.623603][ T6024]  __dentry_kill+0x20d/0x630
[  105.628463][ T6024]  dput+0x19f/0x2b0
[  105.632287][ T6024]  __fput+0x5d2/0x880
[  105.636280][ T6024]  task_work_run+0x24f/0x310
[  105.640859][ T6024]  syscall_exit_to_user_mode+0x168/0x370
[  105.646480][ T6024]  do_syscall_64+0x100/0x230
[  105.651058][ T6024]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.657150][ T6024] 
[  105.659461][ T6024] Memory state around the buggy address:
[  105.665074][ T6024]  ffff888071ab3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  105.673148][ T6024]  ffff888071ab3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  105.681194][ T6024] >ffff888071ab4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  105.689241][ T6024]                    ^
[  105.693315][ T6024]  ffff888071ab4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  105.701372][ T6024]  ffff888071ab4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  105.709414][ T6024] ==================================================================
[  105.724300][ T5306] Bluetooth: hci0: command tx timeout
[  105.757742][ T6024] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  105.765098][ T6024] CPU: 1 UID: 0 PID: 6024 Comm: syz.0.17 Not tainted 6.12.0-rc3-syzkaller-00454-gdb87114dcf13 #0
[  105.775625][ T6024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  105.785873][ T6024] Call Trace:
[  105.789187][ T6024]  <TASK>
[  105.792258][ T6024]  dump_stack_lvl+0x241/0x360
[  105.796970][ T6024]  ? __pfx_dump_stack_lvl+0x10/0x10
[  105.802453][ T6024]  ? __pfx__printk+0x10/0x10
[  105.807162][ T6024]  ? preempt_schedule+0xe1/0xf0
[  105.812137][ T6024]  ? vscnprintf+0x5d/0x90
[  105.816498][ T6024]  panic+0x349/0x880
[  105.820511][ T6024]  ? check_panic_on_warn+0x21/0xb0
[  105.825665][ T6024]  ? __pfx_panic+0x10/0x10
[  105.830198][ T6024]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  105.836222][ T6024]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  105.842597][ T6024]  ? print_report+0x502/0x550
[  105.847318][ T6024]  check_panic_on_warn+0x86/0xb0
[  105.852311][ T6024]  ? __ocfs2_find_path+0x203/0x7e0
[  105.857562][ T6024]  end_report+0x77/0x160
[  105.861842][ T6024]  kasan_report+0x154/0x180
[  105.866379][ T6024]  ? __ocfs2_find_path+0x203/0x7e0
[  105.871527][ T6024]  __ocfs2_find_path+0x203/0x7e0
[  105.876495][ T6024]  ? __pfx_find_leaf_ins+0x10/0x10
[  105.881635][ T6024]  ? __pfx___ocfs2_find_path+0x10/0x10
[  105.887132][ T6024]  ? __pfx_ocfs2_validate_inode_block+0x10/0x10
[  105.893416][ T6024]  ocfs2_find_leaf+0xcf/0x230
[  105.898236][ T6024]  ? __pfx_ocfs2_find_leaf+0x10/0x10
[  105.903553][ T6024]  ? __pfx_ocfs2_validate_inode_block+0x10/0x10
[  105.909827][ T6024]  ocfs2_get_clusters_nocache+0x1ad/0xbf0
[  105.915617][ T6024]  ? __pfx_ocfs2_get_clusters_nocache+0x10/0x10
[  105.921895][ T6024]  ? ocfs2_read_inode_block+0x14c/0x1e0
[  105.927561][ T6024]  ? __pfx_ocfs2_read_inode_block+0x10/0x10
[  105.933494][ T6024]  ? do_raw_spin_unlock+0x13c/0x8b0
[  105.938727][ T6024]  ocfs2_get_clusters+0x5bd/0xbd0
[  105.943797][ T6024]  ? __pfx_ocfs2_get_clusters+0x10/0x10
[  105.949377][ T6024]  ? mark_lock+0x9a/0x360
[  105.953740][ T6024]  ? __pfx_lock_acquire+0x10/0x10
[  105.958976][ T6024]  ? validate_chain+0x11e/0x5920
[  105.963943][ T6024]  ocfs2_extent_map_get_blocks+0x24c/0x7d0
[  105.969776][ T6024]  ? __pfx_ocfs2_extent_map_get_blocks+0x10/0x10
[  105.976137][ T6024]  ocfs2_read_virt_blocks+0x313/0xb20
[  105.981535][ T6024]  ? do_raw_spin_unlock+0x13c/0x8b0
[  105.986770][ T6024]  ? __pfx_ocfs2_validate_dir_block+0x10/0x10
[  105.992867][ T6024]  ? __pfx_ocfs2_read_virt_blocks+0x10/0x10
[  105.998848][ T6024]  ? __lock_acquire+0x1384/0x2050
[  106.003913][ T6024]  ? __pfx_validate_chain+0x10/0x10
[  106.009139][ T6024]  ocfs2_find_entry+0x43b/0x2780
[  106.014113][ T6024]  ? __pfx_ocfs2_find_entry+0x10/0x10
[  106.019880][ T6024]  ? __asan_memset+0x23/0x50
[  106.024506][ T6024]  ? lockdep_init_map_type+0xa1/0x910
[  106.029915][ T6024]  ? __pfx_register_lock_class+0x10/0x10
[  106.035711][ T6024]  ? mark_lock+0x9a/0x360
[  106.040075][ T6024]  ? __lock_acquire+0x1384/0x2050
[  106.045140][ T6024]  ? format_decode+0xc5f/0x1bb0
[  106.050027][ T6024]  ? __pfx_format_decode+0x10/0x10
[  106.055228][ T6024]  ? string+0x26a/0x2b0
[  106.059420][ T6024]  ? widen_string+0x3a/0x310
[  106.064065][ T6024]  ? string+0x26a/0x2b0
[  106.068346][ T6024]  ? vsnprintf+0x1ccd/0x1da0
[  106.073062][ T6024]  ocfs2_find_files_on_disk+0xff/0x360
[  106.078560][ T6024]  ocfs2_lookup_ino_from_name+0xb1/0x1e0
[  106.084321][ T6024]  ? __pfx_ocfs2_lookup_ino_from_name+0x10/0x10
[  106.090608][ T6024]  ? kasan_save_track+0x51/0x80
[  106.095502][ T6024]  ? kasan_save_track+0x3f/0x80
[  106.100392][ T6024]  ? __kasan_kmalloc+0x98/0xb0
[  106.105236][ T6024]  ? ocfs2_new_dlm_debug+0x97/0x200
[  106.110470][ T6024]  ocfs2_get_system_file_inode+0x305/0x7b0
[  106.116321][ T6024]  ? __pfx_ocfs2_get_system_file_inode+0x10/0x10
[  106.122687][ T6024]  ocfs2_init_global_system_inodes+0x32c/0x730
[  106.128889][ T6024]  ? __pfx_ocfs2_init_global_system_inodes+0x10/0x10
[  106.135688][ T6024]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  106.141261][ T6024]  ? ocfs2_new_dlm_debug+0xb5/0x200
[  106.146584][ T6024]  ? __pfx_ocfs2_new_dlm_debug+0x10/0x10
[  106.152342][ T6024]  ? rcu_is_watching+0x15/0xb0
[  106.157139][ T6024]  ? trace_ocfs2_initialize_super+0x9e/0x230
[  106.163146][ T6024]  ocfs2_fill_super+0x2f47/0x5750
[  106.168216][ T6024]  ? __pfx_ocfs2_fill_super+0x10/0x10
[  106.173626][ T6024]  ? __pfx_validate_chain+0x10/0x10
[  106.178854][ T6024]  ? __pfx_validate_chain+0x10/0x10
[  106.184074][ T6024]  ? preempt_count_add+0x93/0x190
[  106.189217][ T6024]  ? __pfx_validate_chain+0x10/0x10
[  106.194460][ T6024]  ? mark_lock+0x9a/0x360
[  106.198809][ T6024]  ? __lock_acquire+0x1384/0x2050
[  106.203867][ T6024]  ? validate_chain+0x11e/0x5920
[  106.208834][ T6024]  ? __lock_acquire+0x1384/0x2050
[  106.213980][ T6024]  ? __pfx_validate_chain+0x10/0x10
[  106.219212][ T6024]  ? string+0x26a/0x2b0
[  106.223402][ T6024]  ? widen_string+0x3a/0x310
[  106.228016][ T6024]  ? string+0x26a/0x2b0
[  106.232200][ T6024]  ? bdev_name+0x2b1/0x3c0
[  106.236645][ T6024]  ? pointer+0x703/0x1210
[  106.241008][ T6024]  ? __pfx_pointer+0x10/0x10
[  106.245622][ T6024]  ? __pfx_format_decode+0x10/0x10
[  106.250754][ T6024]  ? __lock_acquire+0x1384/0x2050
[  106.255822][ T6024]  ? vsnprintf+0x1ccd/0x1da0
[  106.260451][ T6024]  ? snprintf+0xda/0x120
[  106.264724][ T6024]  ? __pfx_lock_release+0x10/0x10
[  106.269786][ T6024]  ? do_raw_spin_lock+0x14f/0x370
[  106.274830][ T6024]  ? __pfx_snprintf+0x10/0x10
[  106.279530][ T6024]  ? set_blocksize+0x1f9/0x360
[  106.284324][ T6024]  ? sb_set_blocksize+0x98/0xf0
[  106.289250][ T6024]  ? setup_bdev_super+0x4e6/0x5d0
[  106.294307][ T6024]  mount_bdev+0x20a/0x2d0
[  106.298667][ T6024]  ? __pfx_ocfs2_fill_super+0x10/0x10
[  106.304067][ T6024]  ? __pfx_mount_bdev+0x10/0x10
[  106.308943][ T6024]  ? vfs_parse_fs_string+0x190/0x230
[  106.314288][ T6024]  ? __pfx_vfs_parse_fs_string+0x10/0x10
[  106.319966][ T6024]  legacy_get_tree+0xee/0x190
[  106.324686][ T6024]  ? __pfx_ocfs2_mount+0x10/0x10
[  106.329666][ T6024]  vfs_get_tree+0x90/0x2b0
[  106.334112][ T6024]  do_new_mount+0x2be/0xb40
[  106.338642][ T6024]  ? __pfx_do_new_mount+0x10/0x10
[  106.343712][ T6024]  __se_sys_mount+0x2d6/0x3c0
[  106.348415][ T6024]  ? __pfx___se_sys_mount+0x10/0x10
[  106.353648][ T6024]  ? exc_page_fault+0x590/0x8c0
[  106.358525][ T6024]  ? __x64_sys_mount+0x20/0xc0
[  106.363321][ T6024]  do_syscall_64+0xf3/0x230
[  106.367845][ T6024]  ? clear_bhb_loop+0x35/0x90
[  106.372557][ T6024]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.378485][ T6024] RIP: 0033:0x7f601b77f79a
[  106.382936][ T6024] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.402564][ T6024] RSP: 002b:00007f601c617e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  106.411020][ T6024] RAX: ffffffffffffffda RBX: 00007f601c617ef0 RCX: 00007f601b77f79a
[  106.419104][ T6024] RDX: 0000000020004440 RSI: 0000000020000780 RDI: 00007f601c617eb0
[  106.427210][ T6024] RBP: 0000000020004440 R08: 00007f601c617ef0 R09: 0000000001000000
[  106.435253][ T6024] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020000780
[  106.443264][ T6024] R13: 00007f601c617eb0 R14: 000000000000444a R15: 00000000200005c0
[  106.451273][ T6024]  </TASK>
[  106.454605][ T6024] Kernel Offset: disabled
[  106.458927][ T6024] Rebooting in 86400 seconds..