Warning: Permanently added '10.128.1.98' (ED25519) to the list of known hosts.
2025/01/31 11:01:19 ignoring optional flag "sandboxArg"="0"
2025/01/31 11:01:19 parsed 1 programs
[ 105.418663][ T6267] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 108.201951][ T5134] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 108.211657][ T5134] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 108.220028][ T5134] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 108.229088][ T5134] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 108.236914][ T5134] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 108.244436][ T5134] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 108.965106][ T6315] chnl_net:caif_netlink_parms(): no params data found
[ 109.026404][ T6315] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.034192][ T6315] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.042006][ T6315] bridge_slave_0: entered allmulticast mode
[ 109.049345][ T6315] bridge_slave_0: entered promiscuous mode
[ 109.063636][ T6315] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.071261][ T6315] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.080194][ T6315] bridge_slave_1: entered allmulticast mode
[ 109.087698][ T6315] bridge_slave_1: entered promiscuous mode
[ 109.114980][ T6315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 109.126470][ T6315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 109.150754][ T6315] team0: Port device team_slave_0 added
[ 109.161895][ T6315] team0: Port device team_slave_1 added
[ 109.182033][ T6315] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 109.189205][ T6315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 109.215531][ T6315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 109.228437][ T6315] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 109.235671][ T6315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 109.262197][ T6315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 109.296609][ T6315] hsr_slave_0: entered promiscuous mode
[ 109.303383][ T6315] hsr_slave_1: entered promiscuous mode
[ 109.797419][ T6315] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 109.812161][ T6315] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 109.821901][ T6315] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 109.834351][ T6315] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 109.860932][ T6315] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.868315][ T6315] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 109.876643][ T6315] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.884004][ T6315] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 109.938699][ T71] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.949262][ T71] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.976398][ T6315] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.999137][ T6315] 8021q: adding VLAN 0 to HW filter on device team0
[ 110.014226][ T71] bridge0: port 1(bridge_slave_0) entered blocking state
[ 110.022166][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 110.038620][ T1316] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.046724][ T1316] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 110.242338][ T6315] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 110.284036][ T6315] veth0_vlan: entered promiscuous mode
[ 110.298492][ T6315] veth1_vlan: entered promiscuous mode
[ 110.330502][ T6315] veth0_macvtap: entered promiscuous mode
[ 110.342326][ T6315] veth1_macvtap: entered promiscuous mode
[ 110.363972][ T6315] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 110.379792][ T6315] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 110.391343][ T6315] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.401700][ T6315] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.412235][ T6315] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.421548][ T6315] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.607000][ T71] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 110.694003][ T71] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 110.788004][ T71] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 110.880893][ T71] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 111.944087][ T2962] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.963265][ T2962] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.991870][ T1316] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.003549][ T1316] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/01/31 11:01:30 executed programs: 0
[ 112.165578][ T5134] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 112.176619][ T5134] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 112.202411][ T5134] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 112.213782][ T5134] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 112.222289][ T5134] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 112.229821][ T5134] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 112.412919][ T6464] chnl_net:caif_netlink_parms(): no params data found
[ 112.505962][ T6464] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.515078][ T6464] bridge0: port 1(bridge_slave_0) entered disabled state
[ 112.523289][ T6464] bridge_slave_0: entered allmulticast mode
[ 112.530771][ T6464] bridge_slave_0: entered promiscuous mode
[ 112.539011][ T6464] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.546553][ T6464] bridge0: port 2(bridge_slave_1) entered disabled state
[ 112.554469][ T6464] bridge_slave_1: entered allmulticast mode
[ 112.562527][ T6464] bridge_slave_1: entered promiscuous mode
[ 112.592718][ T6464] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 112.604915][ T6464] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 112.638583][ T6464] team0: Port device team_slave_0 added
[ 112.647922][ T6464] team0: Port device team_slave_1 added
[ 112.675981][ T6464] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 112.683408][ T6464] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 112.714568][ T6464] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 112.728027][ T6464] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 112.735262][ T6464] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 112.765539][ T6464] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 112.814005][ T6464] hsr_slave_0: entered promiscuous mode
[ 112.821299][ T6464] hsr_slave_1: entered promiscuous mode
[ 112.830645][ T6464] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 112.838448][ T6464] Cannot create hsr debugfs directory
[ 113.416261][ T71] bridge_slave_1: left allmulticast mode
[ 113.429944][ T71] bridge_slave_1: left promiscuous mode
[ 113.435970][ T71] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.448439][ T71] bridge_slave_0: left allmulticast mode
[ 113.454141][ T71] bridge_slave_0: left promiscuous mode
[ 113.460711][ T71] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.835531][ T71] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 113.851147][ T71] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 113.862264][ T71] bond0 (unregistering): Released all slaves
[ 113.950294][ T71] hsr_slave_0: left promiscuous mode
[ 113.956816][ T71] hsr_slave_1: left promiscuous mode
[ 113.962560][ T71] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 113.970697][ T71] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 113.979876][ T71] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 113.988526][ T71] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 114.008456][ T71] veth1_macvtap: left promiscuous mode
[ 114.014042][ T71] veth0_macvtap: left promiscuous mode
[ 114.021504][ T71] veth1_vlan: left promiscuous mode
[ 114.027106][ T71] veth0_vlan: left promiscuous mode
[ 114.260531][ T5906] Bluetooth: hci0: command tx timeout
[ 114.393364][ T71] team0 (unregistering): Port device team_slave_1 removed
[ 114.423552][ T71] team0 (unregistering): Port device team_slave_0 removed
[ 115.058832][ T6464] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 115.075163][ T6464] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 115.086406][ T6464] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 115.103108][ T6464] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 115.502409][ T6464] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.556379][ T6464] 8021q: adding VLAN 0 to HW filter on device team0
[ 115.603170][ T1081] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.610356][ T1081] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 115.656144][ T1316] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.663612][ T1316] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 115.733486][ T6464] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 115.941133][ T6464] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 115.990439][ T6464] veth0_vlan: entered promiscuous mode
[ 116.006188][ T6464] veth1_vlan: entered promiscuous mode
[ 116.038395][ T6464] veth0_macvtap: entered promiscuous mode
[ 116.051151][ T6464] veth1_macvtap: entered promiscuous mode
[ 116.072490][ T6464] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 116.089562][ T6464] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 116.102140][ T6464] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.114485][ T6464] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.124365][ T6464] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.136052][ T6464] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.218907][ T1316] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.234208][ T1316] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.261368][ T1316] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.272782][ T1316] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.336832][ T5906] Bluetooth: hci0: command tx timeout
[ 116.705917][ T6624] loop0: detected capacity change from 0 to 32768
[ 116.728641][ T6624] OCFS2: ERROR (device loop0): int __ocfs2_find_path(struct ocfs2_caching_info *, struct ocfs2_extent_list *, u32, path_insert_t *, void *): Owner 66 has bad blkno in extent list at depth 65533 (index 65534)
[ 116.755465][ T6624] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[ 116.770117][ T6624] OCFS2: File system is now read-only.
[ 116.777842][ T6624] (syz.0.15,6624,0):ocfs2_find_leaf:1940 ERROR: status = -30
[ 116.785322][ T6624] (syz.0.15,6624,0):ocfs2_get_clusters_nocache:421 ERROR: status = -30
[ 116.796359][ T6624] (syz.0.15,6624,0):ocfs2_get_clusters:634 ERROR: status = -30
[ 116.804667][ T6624] (syz.0.15,6624,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -30
[ 116.815209][ T6624] (syz.0.15,6624,0):ocfs2_read_virt_blocks:997 ERROR: status = -30
[ 116.830527][ T6624] (syz.0.15,6624,0):ocfs2_read_dir_block:511 ERROR: status = -30
[ 116.839799][ T6624] (syz.0.15,6624,0):ocfs2_init_global_system_inodes:465 ERROR: status = -30
[ 116.851734][ T6624] (syz.0.15,6624,0):ocfs2_init_global_system_inodes:467 ERROR: Unable to load system inode 1, possibly corrupt fs?
[ 116.851768][ T6624] (syz.0.15,6624,0):ocfs2_init_global_system_inodes:476 ERROR: status = -30
[ 116.877747][ T6624] (syz.0.15,6624,0):ocfs2_initialize_super:2195 ERROR: status = -30
[ 116.885850][ T6624] (syz.0.15,6624,0):ocfs2_fill_super:1177 ERROR: status = -30
[ 117.359508][ T6649] loop0: detected capacity change from 0 to 32768
[ 117.396577][ T6649] OCFS2: ERROR (device loop0): int ocfs2_validate_extent_block(struct super_block *, struct buffer_head *): Extent block #2 has bad signature OCFSV2
[ 117.413977][ T6649] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[ 117.424998][ T6649] OCFS2: File system is now read-only.
[ 117.431736][ T6649] (syz.0.16,6649,1):__ocfs2_find_path:1844 ERROR: status = -30
[ 117.442165][ T6649] (syz.0.16,6649,1):ocfs2_find_leaf:1940 ERROR: status = -30
[ 117.450111][ T6649] (syz.0.16,6649,1):ocfs2_get_clusters_nocache:421 ERROR: status = -30
[ 117.462031][ T6649] (syz.0.16,6649,0):ocfs2_get_clusters:634 ERROR: status = -30
[ 117.471528][ T6649] (syz.0.16,6649,0):ocfs2_extent_map_get_blocks:681 ERROR: status = -30
[ 117.482507][ T6649] (syz.0.16,6649,0):ocfs2_read_virt_blocks:997 ERROR: status = -30
[ 117.490943][ T6649] (syz.0.16,6649,0):ocfs2_read_dir_block:511 ERROR: status = -30
[ 117.499369][ T6649] (syz.0.16,6649,0):ocfs2_init_global_system_inodes:465 ERROR: status = -30
[ 117.508875][ T6649] (syz.0.16,6649,0):ocfs2_init_global_system_inodes:467 ERROR: Unable to load system inode 1, possibly corrupt fs?
[ 117.508907][ T6649] (syz.0.16,6649,0):ocfs2_init_global_system_inodes:476 ERROR: status = -30
[ 117.530844][ T6649] (syz.0.16,6649,0):ocfs2_initialize_super:2195 ERROR: status = -30
[ 117.539835][ T6649] (syz.0.16,6649,0):ocfs2_fill_super:1177 ERROR: status = -30
2025/01/31 11:01:36 executed programs: 4
[ 118.022919][ T6675] loop0: detected capacity change from 0 to 32768
[ 118.038441][ T6675] ==================================================================
[ 118.046637][ T6675] BUG: KASAN: use-after-free in __ocfs2_find_path+0x203/0x7e0
[ 118.054340][ T6675] Read of size 4 at addr ffff888064a94000 by task syz.0.17/6675
[ 118.062185][ T6675]
[ 118.064556][ T6675] CPU: 1 UID: 0 PID: 6675 Comm: syz.0.17 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0
[ 118.064577][ T6675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 118.064591][ T6675] Call Trace:
[ 118.064597][ T6675] <TASK>
[ 118.064604][ T6675] dump_stack_lvl+0x241/0x360
[ 118.064632][ T6675] ? __pfx_dump_stack_lvl+0x10/0x10
[ 118.064652][ T6675] ? __pfx__printk+0x10/0x10
[ 118.064673][ T6675] ? _printk+0xd5/0x120
[ 118.064693][ T6675] ? __virt_addr_valid+0x183/0x530
[ 118.064714][ T6675] ? __virt_addr_valid+0x183/0x530
[ 118.064734][ T6675] print_report+0x169/0x550
[ 118.064753][ T6675] ? __virt_addr_valid+0x183/0x530
[ 118.064772][ T6675] ? __virt_addr_valid+0x183/0x530
[ 118.064790][ T6675] ? __virt_addr_valid+0x45f/0x530
[ 118.064809][ T6675] ? __phys_addr+0xba/0x170
[ 118.064829][ T6675] ? __ocfs2_find_path+0x203/0x7e0
[ 118.064848][ T6675] kasan_report+0x143/0x180
[ 118.064866][ T6675] ? __ocfs2_find_path+0x203/0x7e0
[ 118.064887][ T6675] __ocfs2_find_path+0x203/0x7e0
[ 118.064907][ T6675] ? __pfx_find_leaf_ins+0x10/0x10
[ 118.064925][ T6675] ? __pfx___ocfs2_find_path+0x10/0x10
[ 118.064945][ T6675] ? __pfx_ocfs2_validate_inode_block+0x10/0x10
[ 118.064966][ T6675] ocfs2_find_leaf+0xcf/0x230
[ 118.064985][ T6675] ? __pfx_ocfs2_find_leaf+0x10/0x10
[ 118.065008][ T6675] ocfs2_get_clusters_nocache+0x1b6/0xca0
[ 118.065034][ T6675] ? __pfx_ocfs2_get_clusters_nocache+0x10/0x10
[ 118.065058][ T6675] ? ocfs2_read_inode_block+0x14c/0x1e0
[ 118.065119][ T6675] ? __pfx_ocfs2_read_inode_block+0x10/0x10
[ 118.065137][ T6675] ? do_raw_spin_unlock+0x13c/0x8b0
[ 118.065157][ T6675] ocfs2_get_clusters+0x5bd/0xbd0
[ 118.065180][ T6675] ? mark_lock+0x9a/0x360
[ 118.065201][ T6675] ? __pfx_ocfs2_get_clusters+0x10/0x10
[ 118.065227][ T6675] ? __pfx_lock_acquire+0x10/0x10
[ 118.065246][ T6675] ? validate_chain+0x11e/0x5920
[ 118.065266][ T6675] ? __lock_acquire+0x1397/0x2100
[ 118.065285][ T6675] ocfs2_extent_map_get_blocks+0x24c/0x7d0
[ 118.065311][ T6675] ? __pfx_ocfs2_extent_map_get_blocks+0x10/0x10
[ 118.065343][ T6675] ? __pfx_validate_chain+0x10/0x10
[ 118.065365][ T6675] ocfs2_read_virt_blocks+0x313/0xb10
[ 118.065390][ T6675] ? __pfx_ocfs2_validate_dir_block+0x10/0x10
[ 118.065415][ T6675] ? __pfx_ocfs2_read_virt_blocks+0x10/0x10
[ 118.065437][ T6675] ? number+0xcc5/0xf40
[ 118.065460][ T6675] ocfs2_find_entry+0x433/0x2570
[ 118.065485][ T6675] ? __pfx_ocfs2_find_entry+0x10/0x10
[ 118.065504][ T6675] ? __pfx_register_lock_class+0x10/0x10
[ 118.065521][ T6675] ? __asan_memset+0x23/0x50
[ 118.065543][ T6675] ? mark_lock+0x9a/0x360
[ 118.065564][ T6675] ? __lock_acquire+0x1397/0x2100
[ 118.065594][ T6675] ? format_decode+0x56c/0xca0
[ 118.065608][ T6675] ? string+0x270/0x2b0
[ 118.065621][ T6675] ? widen_string+0x3a/0x300
[ 118.065636][ T6675] ? string+0x270/0x2b0
[ 118.065650][ T6675] ? vsnprintf+0x1152/0x1220
[ 118.065672][ T6675] ocfs2_find_files_on_disk+0xff/0x360
[ 118.065695][ T6675] ocfs2_lookup_ino_from_name+0xb1/0x1e0
[ 118.065718][ T6675] ? __pfx_ocfs2_lookup_ino_from_name+0x10/0x10
[ 118.065743][ T6675] ? kasan_save_track+0x51/0x80
[ 118.065757][ T6675] ? kasan_save_track+0x3f/0x80
[ 118.065770][ T6675] ? __kasan_kmalloc+0x98/0xb0
[ 118.065786][ T6675] ? ocfs2_new_dlm_debug+0x97/0x200
[ 118.065806][ T6675] ocfs2_get_system_file_inode+0x305/0x7b0
[ 118.065826][ T6675] ? __pfx_ocfs2_get_system_file_inode+0x10/0x10
[ 118.065852][ T6675] ocfs2_init_global_system_inodes+0x32c/0x730
[ 118.065871][ T6675] ? __pfx_ocfs2_init_global_system_inodes+0x10/0x10
[ 118.065888][ T6675] ? __kmalloc_cache_noprof+0x243/0x390
[ 118.065906][ T6675] ? ocfs2_new_dlm_debug+0x97/0x200
[ 118.065926][ T6675] ? ocfs2_new_dlm_debug+0xb5/0x200
[ 118.065944][ T6675] ? __pfx_ocfs2_new_dlm_debug+0x10/0x10
[ 118.065963][ T6675] ? rcu_is_watching+0x15/0xb0
[ 118.065983][ T6675] ? trace_ocfs2_initialize_super+0x9e/0x230
[ 118.065998][ T6675] ocfs2_fill_super+0x4b69/0x7200
[ 118.066027][ T6675] ? __pfx_ocfs2_fill_super+0x10/0x10
[ 118.066048][ T6675] ? validate_chain+0x11e/0x5920
[ 118.066071][ T6675] ? mark_lock+0x9a/0x360
[ 118.066091][ T6675] ? __lock_acquire+0x1397/0x2100
[ 118.066114][ T6675] ? validate_chain+0x11e/0x5920
[ 118.066135][ T6675] ? __pfx_validate_chain+0x10/0x10
[ 118.066161][ T6675] ? is_bpf_text_address+0x26/0x2a0
[ 118.066180][ T6675] ? __pfx_validate_chain+0x10/0x10
[ 118.066201][ T6675] ? __pfx_validate_chain+0x10/0x10
[ 118.066222][ T6675] ? unwind_next_frame+0x18e6/0x22d0
[ 118.066241][ T6675] ? __pfx_validate_chain+0x10/0x10
[ 118.066259][ T6675] ? preempt_count_add+0x93/0x190
[ 118.066273][ T6675] ? mark_lock+0x9a/0x360
[ 118.066292][ T6675] ? mark_lock+0x9a/0x360
[ 118.066312][ T6675] ? __lock_acquire+0x1397/0x2100
[ 118.066342][ T6675] ? validate_chain+0x11e/0x5920
[ 118.066364][ T6675] ? mark_lock+0x9a/0x360
[ 118.066390][ T6675] ? __pfx_validate_chain+0x10/0x10
[ 118.066415][ T6675] ? string+0x270/0x2b0
[ 118.066429][ T6675] ? widen_string+0x3a/0x300
[ 118.066444][ T6675] ? string+0x270/0x2b0
[ 118.066459][ T6675] ? bdev_name+0x2a2/0x3b0
[ 118.066477][ T6675] ? pointer+0x764/0x1210
[ 118.066489][ T6675] ? bdev_open+0x882/0xc50
[ 118.066508][ T6675] ? __pfx_lock_release+0x10/0x10
[ 118.066525][ T6675] ? __pfx_pointer+0x10/0x10
[ 118.066539][ T6675] ? mark_lock+0x9a/0x360
[ 118.066557][ T6675] ? format_decode+0x56c/0xca0
[ 118.066572][ T6675] ? vsnprintf+0x1152/0x1220
[ 118.066596][ T6675] ? snprintf+0xda/0x120
[ 118.066610][ T6675] ? __pfx_lock_release+0x10/0x10
[ 118.066627][ T6675] ? do_raw_spin_lock+0x14f/0x370
[ 118.066643][ T6675] ? __pfx_snprintf+0x10/0x10
[ 118.066657][ T6675] ? set_blocksize+0x1fc/0x360
[ 118.066673][ T6675] ? sb_set_blocksize+0x98/0xf0
[ 118.066688][ T6675] ? setup_bdev_super+0x4e6/0x5d0
[ 118.066704][ T6675] get_tree_bdev_flags+0x48c/0x5c0
[ 118.066719][ T6675] ? __pfx_ocfs2_fill_super+0x10/0x10
[ 118.066741][ T6675] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 118.066755][ T6675] ? cap_capable+0x139/0x450
[ 118.066775][ T6675] ? safesetid_security_capable+0xb2/0x1d0
[ 118.066797][ T6675] vfs_get_tree+0x90/0x2b0
[ 118.066812][ T6675] do_new_mount+0x2be/0xb40
[ 118.066830][ T6675] ? __pfx_do_new_mount+0x10/0x10
[ 118.066850][ T6675] __se_sys_mount+0x2d6/0x3c0
[ 118.066870][ T6675] ? __pfx___se_sys_mount+0x10/0x10
[ 118.066887][ T6675] ? exc_page_fault+0x590/0x8b0
[ 118.066904][ T6675] ? __x64_sys_mount+0x20/0xc0
[ 118.066921][ T6675] do_syscall_64+0xf3/0x230
[ 118.066940][ T6675] ? clear_bhb_loop+0x35/0x90
[ 118.066962][ T6675] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.066982][ T6675] RIP: 0033:0x7efcdbb7f79a
[ 118.067012][ T6675] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 118.067024][ T6675] RSP: 002b:00007efcdca4ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 118.067042][ T6675] RAX: ffffffffffffffda RBX: 00007efcdca4eef0 RCX: 00007efcdbb7f79a
[ 118.067054][ T6675] RDX: 0000000020004440 RSI: 0000000020000780 RDI: 00007efcdca4eeb0
[ 118.067065][ T6675] RBP: 0000000020004440 R08: 00007efcdca4eef0 R09: 0000000001000000
[ 118.067075][ T6675] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020000780
[ 118.067085][ T6675] R13: 00007efcdca4eeb0 R14: 000000000000444a R15: 00000000200005c0
[ 118.067101][ T6675] </TASK>
[ 118.067107][ T6675]
[ 118.779644][ T6675] The buggy address belongs to the physical page:
[ 118.786279][ T6675] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1a9 pfn:0x64a94
[ 118.795332][ T6675] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 118.802657][ T6675] raw: 00fff00000000000 ffffea000192a548 ffff8880b8744870 0000000000000000
[ 118.811506][ T6675] raw: 00000000000001a9 0000000000000000 00000000ffffffff 0000000000000000
[ 118.820175][ T6675] page dumped because: kasan: bad access detected
[ 118.826706][ T6675] page_owner tracks the page as freed
[ 118.832096][ T6675] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 6649, tgid 6648 (syz.0.16), ts 117200878785, free_ts 117558866469
[ 118.850164][ T6675] post_alloc_hook+0x1f4/0x240
[ 118.854931][ T6675] get_page_from_freelist+0x3651/0x37a0
[ 118.860571][ T6675] __alloc_frozen_pages_noprof+0x292/0x710
[ 118.866363][ T6675] alloc_pages_mpol+0x311/0x660
[ 118.871203][ T6675] folio_alloc_mpol_noprof+0x36/0x70
[ 118.876482][ T6675] shmem_alloc_and_add_folio+0x4a0/0x1090
[ 118.882544][ T6675] shmem_get_folio_gfp+0x621/0x1840
[ 118.887842][ T6675] shmem_write_begin+0x165/0x350
[ 118.892800][ T6675] generic_perform_write+0x346/0x990
[ 118.898094][ T6675] shmem_file_write_iter+0xf9/0x120
[ 118.903293][ T6675] vfs_write+0xacf/0xd10
[ 118.907559][ T6675] ksys_write+0x18f/0x2b0
[ 118.911890][ T6675] do_syscall_64+0xf3/0x230
[ 118.916387][ T6675] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.922286][ T6675] page last free pid 6649 tgid 6648 stack trace:
[ 118.928682][ T6675] free_unref_folios+0xe2f/0x18a0
[ 118.933786][ T6675] folios_put_refs+0x76c/0x860
[ 118.938643][ T6675] shmem_undo_range+0x593/0x1820
[ 118.943813][ T6675] shmem_evict_inode+0x29b/0xa80
[ 118.949020][ T6675] evict+0x4e8/0x9a0
[ 118.952912][ T6675] __dentry_kill+0x20d/0x630
[ 118.957589][ T6675] dput+0x19f/0x2b0
[ 118.961564][ T6675] __fput+0x60b/0x9f0
[ 118.967016][ T6675] task_work_run+0x24f/0x310
[ 118.972556][ T6675] syscall_exit_to_user_mode+0x13f/0x340
[ 118.978743][ T6675] do_syscall_64+0x100/0x230
[ 118.983915][ T6675] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.989921][ T6675]
[ 118.992472][ T6675] Memory state around the buggy address:
[ 118.998251][ T6675] ffff888064a93f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 119.006776][ T6675] ffff888064a93f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 119.015519][ T6675] >ffff888064a94000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 119.023590][ T6675] ^
[ 119.027764][ T6675] ffff888064a94080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 119.035983][ T6675] ffff888064a94100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 119.044834][ T6675] ==================================================================
[ 119.061146][ T6675] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 119.068920][ T6675] CPU: 0 UID: 0 PID: 6675 Comm: syz.0.17 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0
[ 119.081296][ T6675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 119.092702][ T6675] Call Trace:
[ 119.097570][ T6675] <TASK>
[ 119.100671][ T6675] dump_stack_lvl+0x241/0x360
[ 119.105534][ T6675] ? __pfx_dump_stack_lvl+0x10/0x10
[ 119.111457][ T6675] ? __pfx__printk+0x10/0x10
[ 119.118023][ T6675] ? preempt_schedule+0xe1/0xf0
[ 119.123040][ T6675] ? vscnprintf+0x5d/0x90
[ 119.127482][ T6675] panic+0x349/0x880
[ 119.131759][ T6675] ? check_panic_on_warn+0x21/0xb0
[ 119.137091][ T6675] ? __pfx_panic+0x10/0x10
[ 119.141719][ T6675] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 119.149087][ T6675] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 119.156117][ T6675] ? print_report+0x502/0x550
[ 119.161341][ T6675] check_panic_on_warn+0x86/0xb0
[ 119.166651][ T6675] ? __ocfs2_find_path+0x203/0x7e0
[ 119.172226][ T6675] end_report+0x77/0x160
[ 119.176795][ T6675] kasan_report+0x154/0x180
[ 119.181497][ T6675] ? __ocfs2_find_path+0x203/0x7e0
[ 119.186611][ T6675] __ocfs2_find_path+0x203/0x7e0
[ 119.192270][ T6675] ? __pfx_find_leaf_ins+0x10/0x10
[ 119.197535][ T6675] ? __pfx___ocfs2_find_path+0x10/0x10
[ 119.203114][ T6675] ? __pfx_ocfs2_validate_inode_block+0x10/0x10
[ 119.210485][ T6675] ocfs2_find_leaf+0xcf/0x230
[ 119.215286][ T6675] ? __pfx_ocfs2_find_leaf+0x10/0x10
[ 119.220968][ T6675] ocfs2_get_clusters_nocache+0x1b6/0xca0
[ 119.227377][ T6675] ? __pfx_ocfs2_get_clusters_nocache+0x10/0x10
[ 119.233988][ T6675] ? ocfs2_read_inode_block+0x14c/0x1e0
[ 119.239922][ T6675] ? __pfx_ocfs2_read_inode_block+0x10/0x10
[ 119.246554][ T6675] ? do_raw_spin_unlock+0x13c/0x8b0
[ 119.252161][ T6675] ocfs2_get_clusters+0x5bd/0xbd0
[ 119.257350][ T6675] ? mark_lock+0x9a/0x360
[ 119.262538][ T6675] ? __pfx_ocfs2_get_clusters+0x10/0x10
[ 119.269080][ T6675] ? __pfx_lock_acquire+0x10/0x10
[ 119.274517][ T6675] ? validate_chain+0x11e/0x5920
[ 119.279610][ T6675] ? __lock_acquire+0x1397/0x2100
[ 119.285011][ T6675] ocfs2_extent_map_get_blocks+0x24c/0x7d0
[ 119.291591][ T6675] ? __pfx_ocfs2_extent_map_get_blocks+0x10/0x10
[ 119.298514][ T6675] ? __pfx_validate_chain+0x10/0x10
[ 119.303763][ T6675] ocfs2_read_virt_blocks+0x313/0xb10
[ 119.310555][ T6675] ? __pfx_ocfs2_validate_dir_block+0x10/0x10
[ 119.316619][ T6675] ? __pfx_ocfs2_read_virt_blocks+0x10/0x10
[ 119.323035][ T6675] ? number+0xcc5/0xf40
[ 119.327195][ T6675] ocfs2_find_entry+0x433/0x2570
[ 119.333139][ T6675] ? __pfx_ocfs2_find_entry+0x10/0x10
[ 119.338938][ T6675] ? __pfx_register_lock_class+0x10/0x10
[ 119.344853][ T6675] ? __asan_memset+0x23/0x50
[ 119.349814][ T6675] ? mark_lock+0x9a/0x360
[ 119.354209][ T6675] ? __lock_acquire+0x1397/0x2100
[ 119.359810][ T6675] ? format_decode+0x56c/0xca0
[ 119.365076][ T6675] ? string+0x270/0x2b0
[ 119.369769][ T6675] ? widen_string+0x3a/0x300
[ 119.374730][ T6675] ? string+0x270/0x2b0
[ 119.379258][ T6675] ? vsnprintf+0x1152/0x1220
[ 119.383980][ T6675] ocfs2_find_files_on_disk+0xff/0x360
[ 119.389551][ T6675] ocfs2_lookup_ino_from_name+0xb1/0x1e0
[ 119.395647][ T6675] ? __pfx_ocfs2_lookup_ino_from_name+0x10/0x10
[ 119.402164][ T6675] ? kasan_save_track+0x51/0x80
[ 119.407483][ T6675] ? kasan_save_track+0x3f/0x80
[ 119.412565][ T6675] ? __kasan_kmalloc+0x98/0xb0
[ 119.417699][ T6675] ? ocfs2_new_dlm_debug+0x97/0x200
[ 119.423100][ T6675] ocfs2_get_system_file_inode+0x305/0x7b0
[ 119.429358][ T6675] ? __pfx_ocfs2_get_system_file_inode+0x10/0x10
[ 119.435754][ T6675] ocfs2_init_global_system_inodes+0x32c/0x730
[ 119.442285][ T6675] ? __pfx_ocfs2_init_global_system_inodes+0x10/0x10
[ 119.449719][ T6675] ? __kmalloc_cache_noprof+0x243/0x390
[ 119.455544][ T6675] ? ocfs2_new_dlm_debug+0x97/0x200
[ 119.460805][ T6675] ? ocfs2_new_dlm_debug+0xb5/0x200
[ 119.466457][ T6675] ? __pfx_ocfs2_new_dlm_debug+0x10/0x10
[ 119.472352][ T6675] ? rcu_is_watching+0x15/0xb0
[ 119.477318][ T6675] ? trace_ocfs2_initialize_super+0x9e/0x230
[ 119.484520][ T6675] ocfs2_fill_super+0x4b69/0x7200
[ 119.489760][ T6675] ? __pfx_ocfs2_fill_super+0x10/0x10
[ 119.495300][ T6675] ? validate_chain+0x11e/0x5920
[ 119.500317][ T6675] ? mark_lock+0x9a/0x360
[ 119.504911][ T6675] ? __lock_acquire+0x1397/0x2100
[ 119.510217][ T6675] ? validate_chain+0x11e/0x5920
[ 119.515447][ T6675] ? __pfx_validate_chain+0x10/0x10
[ 119.520780][ T6675] ? is_bpf_text_address+0x26/0x2a0
[ 119.526180][ T6675] ? __pfx_validate_chain+0x10/0x10
[ 119.531541][ T6675] ? __pfx_validate_chain+0x10/0x10
[ 119.536929][ T6675] ? unwind_next_frame+0x18e6/0x22d0
[ 119.543015][ T6675] ? __pfx_validate_chain+0x10/0x10
[ 119.548522][ T6675] ? preempt_count_add+0x93/0x190
[ 119.554397][ T6675] ? mark_lock+0x9a/0x360
[ 119.559938][ T6675] ? mark_lock+0x9a/0x360
[ 119.564450][ T6675] ? __lock_acquire+0x1397/0x2100
[ 119.569670][ T6675] ? validate_chain+0x11e/0x5920
[ 119.574909][ T6675] ? mark_lock+0x9a/0x360
[ 119.580147][ T6675] ? __pfx_validate_chain+0x10/0x10
[ 119.585456][ T6675] ? string+0x270/0x2b0
[ 119.589702][ T6675] ? widen_string+0x3a/0x300
[ 119.594280][ T6675] ? string+0x270/0x2b0
[ 119.598428][ T6675] ? bdev_name+0x2a2/0x3b0
[ 119.602968][ T6675] ? pointer+0x764/0x1210
[ 119.607310][ T6675] ? bdev_open+0x882/0xc50
[ 119.611734][ T6675] ? __pfx_lock_release+0x10/0x10
[ 119.616758][ T6675] ? __pfx_pointer+0x10/0x10
[ 119.621377][ T6675] ? mark_lock+0x9a/0x360
[ 119.625699][ T6675] ? format_decode+0x56c/0xca0
[ 119.630635][ T6675] ? vsnprintf+0x1152/0x1220
[ 119.635453][ T6675] ? snprintf+0xda/0x120
[ 119.639724][ T6675] ? __pfx_lock_release+0x10/0x10
[ 119.644757][ T6675] ? do_raw_spin_lock+0x14f/0x370
[ 119.650211][ T6675] ? __pfx_snprintf+0x10/0x10
[ 119.654925][ T6675] ? set_blocksize+0x1fc/0x360
[ 119.659813][ T6675] ? sb_set_blocksize+0x98/0xf0
[ 119.664691][ T6675] ? setup_bdev_super+0x4e6/0x5d0
[ 119.669809][ T6675] get_tree_bdev_flags+0x48c/0x5c0
[ 119.674931][ T6675] ? __pfx_ocfs2_fill_super+0x10/0x10
[ 119.680387][ T6675] ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 119.686103][ T6675] ? cap_capable+0x139/0x450
[ 119.690817][ T6675] ? safesetid_security_capable+0xb2/0x1d0
[ 119.697268][ T6675] vfs_get_tree+0x90/0x2b0
[ 119.701794][ T6675] do_new_mount+0x2be/0xb40
[ 119.706474][ T6675] ? __pfx_do_new_mount+0x10/0x10
[ 119.711951][ T6675] __se_sys_mount+0x2d6/0x3c0
[ 119.716727][ T6675] ? __pfx___se_sys_mount+0x10/0x10
[ 119.722096][ T6675] ? exc_page_fault+0x590/0x8b0
[ 119.727048][ T6675] ? __x64_sys_mount+0x20/0xc0
[ 119.731897][ T6675] do_syscall_64+0xf3/0x230
[ 119.736592][ T6675] ? clear_bhb_loop+0x35/0x90
[ 119.741389][ T6675] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.747305][ T6675] RIP: 0033:0x7efcdbb7f79a
[ 119.751798][ T6675] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 119.772476][ T6675] RSP: 002b:00007efcdca4ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 119.781535][ T6675] RAX: ffffffffffffffda RBX: 00007efcdca4eef0 RCX: 00007efcdbb7f79a
[ 119.789879][ T6675] RDX: 0000000020004440 RSI: 0000000020000780 RDI: 00007efcdca4eeb0
[ 119.798040][ T6675] RBP: 0000000020004440 R08: 00007efcdca4eef0 R09: 0000000001000000
[ 119.806105][ T6675] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020000780
[ 119.814529][ T6675] R13: 00007efcdca4eeb0 R14: 000000000000444a R15: 00000000200005c0
[ 119.822649][ T6675] </TASK>
[ 119.825983][ T6675] Kernel Offset: disabled
[ 119.830338][ T6675] Rebooting in 86400 seconds..