Warning: Permanently added '10.128.1.214' (ED25519) to the list of known hosts.
2025/11/30 07:43:58 parsed 1 programs
[ 62.593550][ T2147] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/11/30 07:44:02 executed programs: 0
[ 69.082291][ T3067] loop3: detected capacity change from 0 to 32768
[ 69.126639][ T3067] =======================================================
[ 69.126639][ T3067] WARNING: The mand mount option has been deprecated and
[ 69.126639][ T3067] and is ignored by this kernel. Remove the mand
[ 69.126639][ T3067] option from the mount to silence this warning.
[ 69.126639][ T3067] =======================================================
[ 69.199594][ T3067] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[ 69.210196][ T3067] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 69.220909][ T3067] ==================================================================
[ 69.228975][ T3067] BUG: KASAN: use-after-free in ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 69.237306][ T3067] Read of size 4 at addr ffff88806a539000 by task syz.3.16/3067
[ 69.245165][ T3067]
[ 69.247490][ T3067] CPU: 0 PID: 3067 Comm: syz.3.16 Not tainted syzkaller #0
[ 69.254839][ T3067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 69.264968][ T3067] Call Trace:
[ 69.268225][ T3067]
[ 69.271559][ T3067] dump_stack_lvl+0x41/0x5e
[ 69.276029][ T3067] print_address_description.constprop.0.cold+0x6c/0x309
[ 69.283022][ T3067] ? ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 69.288974][ T3067] ? ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 69.294917][ T3067] kasan_report.cold+0x83/0xdf
[ 69.299734][ T3067] ? ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 69.305673][ T3067] ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 69.311442][ T3067] ? jbd2_journal_dirty_metadata+0x4aa/0x8f0
[ 69.317391][ T3067] ? ocfs2_search_chain+0x1960/0x1960
[ 69.322724][ T3067] ? lock_downgrade+0x4f0/0x4f0
[ 69.327538][ T3067] ? __jbd2_journal_temp_unlink_buffer+0x27c/0x450
[ 69.334264][ T3067] __ocfs2_claim_clusters+0x203/0x900
[ 69.339599][ T3067] ? ocfs2_sync_local_to_main+0x681/0x7c0
[ 69.345295][ T3067] ? ocfs2_which_cluster_group+0x220/0x220
[ 69.351085][ T3067] ? ocfs2_journal_dirty+0x9f/0x410
[ 69.356265][ T3067] ocfs2_local_alloc_slide_window+0x800/0x1710
[ 69.362393][ T3067] ? ocfs2_sync_local_to_main+0x7c0/0x7c0
[ 69.368089][ T3067] ? do_raw_spin_lock+0x120/0x2b0
[ 69.373099][ T3067] ? rwlock_bug.part.0+0x90/0x90
[ 69.378015][ T3067] ? memweight+0x92/0x110
[ 69.382326][ T3067] ocfs2_reserve_local_alloc_bits+0x292/0x9a0
[ 69.388470][ T3067] ? ocfs2_complete_local_alloc_recovery+0x400/0x400
[ 69.395373][ T3067] ? do_raw_spin_unlock+0x171/0x230
[ 69.400537][ T3067] ? _raw_spin_unlock+0x1a/0x30
[ 69.405623][ T3067] ocfs2_reserve_clusters_with_limit+0x3db/0x9a0
[ 69.411980][ T3067] ? ocfs2_reserve_cluster_bitmap_bits+0x170/0x170
[ 69.418461][ T3067] ? ocfs2_add_links_count+0xe0/0xe0
[ 69.423714][ T3067] ? find_held_lock+0x2d/0x110
[ 69.428447][ T3067] ? ocfs2_inode_lock_full_nested+0x356/0x19b0
[ 69.434572][ T3067] ocfs2_mknod+0x932/0x1b80
[ 69.439042][ T3067] ? ocfs2_symlink+0x3170/0x3170
[ 69.444031][ T3067] ? ocfs2_inode_unlock+0x154/0x220
[ 69.449192][ T3067] ? do_raw_spin_lock+0x120/0x2b0
[ 69.454301][ T3067] ? lock_downgrade+0x4f0/0x4f0
[ 69.459114][ T3067] ? do_raw_spin_lock+0x120/0x2b0
[ 69.464107][ T3067] ? lock_acquire+0x11a/0x250
[ 69.468770][ T3067] ? _raw_spin_unlock+0x1a/0x30
[ 69.473598][ T3067] ? put_pid.part.0+0x79/0x100
[ 69.478325][ T3067] ? ocfs2_permission+0xb7/0x140
[ 69.483228][ T3067] ocfs2_mkdir+0xb6/0x2e0
[ 69.487523][ T3067] ? ocfs2_mknod+0x1b80/0x1b80
[ 69.492250][ T3067] vfs_mkdir+0x1c4/0x3e0
[ 69.496550][ T3067] ? security_path_mkdir+0xc0/0x130
[ 69.501711][ T3067] do_mkdirat+0x210/0x280
[ 69.506006][ T3067] ? __ia32_sys_mknod+0xa0/0xa0
[ 69.510819][ T3067] ? getname_flags.part.0+0x89/0x440
[ 69.516064][ T3067] __x64_sys_mkdirat+0xef/0x140
[ 69.520969][ T3067] do_syscall_64+0x33/0x80
[ 69.525351][ T3067] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.531240][ T3067] RIP: 0033:0x7fed2b601169
[ 69.535622][ T3067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.555194][ T3067] RSP: 002b:00007fed2b073038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 69.563573][ T3067] RAX: ffffffffffffffda RBX: 00007fed2b819fa0 RCX: 00007fed2b601169
[ 69.571512][ T3067] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[ 69.579468][ T3067] RBP: 00007fed2b6822a0 R08: 0000000000000000 R09: 0000000000000000
[ 69.587424][ T3067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.595364][ T3067] R13: 0000000000000000 R14: 00007fed2b819fa0 R15: 00007ffc9025ba58
[ 69.603303][ T3067]
[ 69.606301][ T3067]
[ 69.608676][ T3067] The buggy address belongs to the page:
[ 69.614276][ T3067] page:ffffea0001a94e40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6a539
[ 69.624406][ T3067] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 69.631483][ T3067] raw: 00fff00000000000 ffffea0001933408 ffffea0001a93448 0000000000000000
[ 69.640041][ T3067] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 69.648642][ T3067] page dumped because: kasan: bad access detected
[ 69.655025][ T3067] page_owner tracks the page as freed
[ 69.660355][ T3067] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100cca(GFP_HIGHUSER_MOVABLE), pid 2599, ts 65818050435, free_ts 65859668539
[ 69.674902][ T3067] get_page_from_freelist+0x1369/0x31f0
[ 69.680423][ T3067] __alloc_pages+0x1b2/0x440
[ 69.684981][ T3067] alloc_pages_vma+0xe0/0x650
[ 69.689632][ T3067] __handle_mm_fault+0xc8f/0x33a0
[ 69.694630][ T3067] handle_mm_fault+0x1c5/0x5b0
[ 69.699358][ T3067] do_user_addr_fault+0x298/0xc80
[ 69.704356][ T3067] exc_page_fault+0x5a/0xb0
[ 69.708825][ T3067] asm_exc_page_fault+0x22/0x30
[ 69.713667][ T3067] page last free stack trace:
[ 69.718304][ T3067] free_pcp_prepare+0x379/0x850
[ 69.723119][ T3067] free_unref_page_list+0x16f/0xbd0
[ 69.728277][ T3067] release_pages+0xb3a/0x1480
[ 69.732919][ T3067] tlb_finish_mmu+0x127/0x790
[ 69.737651][ T3067] exit_mmap+0x1b7/0x5d0
[ 69.741882][ T3067] mmput+0xd6/0x400
[ 69.745665][ T3067] do_exit+0x88c/0x2200
[ 69.749785][ T3067] do_group_exit+0xe7/0x290
[ 69.754249][ T3067] __x64_sys_exit_group+0x35/0x40
[ 69.759233][ T3067] do_syscall_64+0x33/0x80
[ 69.763633][ T3067] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 69.769497][ T3067]
[ 69.771799][ T3067] Memory state around the buggy address:
[ 69.777504][ T3067]  ffff88806a538f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.785535][ T3067]  ffff88806a538f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.793648][ T3067] >ffff88806a539000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.801839][ T3067]                    ^
[ 69.805973][ T3067]  ffff88806a539080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.814005][ T3067]  ffff88806a539100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.822033][ T3067] ==================================================================
[ 69.830067][ T3067] Disabling lock debugging due to kernel taint
[ 69.836501][ T3067] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.843937][ T3067] Kernel Offset: disabled
[ 69.848259][ T3067] Rebooting in 86400 seconds..