Warning: Permanently added '10.128.1.121' (ED25519) to the list of known hosts.
2025/05/16 06:40:13 ignoring optional flag "sandboxArg"="0"
2025/05/16 06:40:14 parsed 1 programs
[   56.888224][ T2144] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
2025/05/16 06:40:19 executed programs: 0
[   65.200216][ T3062] loop3: detected capacity change from 0 to 32768
[   65.238197][ T3062] =======================================================
[   65.238197][ T3062] WARNING: The mand mount option has been deprecated and
[   65.238197][ T3062]          and is ignored by this kernel. Remove the mand
[   65.238197][ T3062]          option from the mount to silence this warning.
[   65.238197][ T3062] =======================================================
[   65.321236][ T3062] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[   65.332392][ T3062] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[   65.343868][ T3062] (syz.3.16,3062,1):ocfs2_read_blocks:239 ERROR: status = -12
[   65.351632][ T3062] (syz.3.16,3062,1):ocfs2_search_chain:1761 ERROR: status = -12
[   65.359806][ T3062] (syz.3.16,3062,1):ocfs2_search_chain:1871 ERROR: status = -12
[   65.367439][ T3062] (syz.3.16,3062,1):ocfs2_claim_suballoc_bits:1940 ERROR: status = -12
[   65.376089][ T3062] (syz.3.16,3062,1):ocfs2_claim_suballoc_bits:1983 ERROR: status = -12
[   65.384959][ T3062] (syz.3.16,3062,1):__ocfs2_claim_clusters:2355 ERROR: status = -12
[   65.392972][ T3062] (syz.3.16,3062,1):__ocfs2_claim_clusters:2363 ERROR: status = -12
[   65.401195][ T3062] (syz.3.16,3062,1):ocfs2_local_alloc_new_window:1203 ERROR: status = -12
[   65.410072][ T3062] (syz.3.16,3062,1):ocfs2_local_alloc_new_window:1228 ERROR: status = -12
[   65.419246][ T3062] (syz.3.16,3062,1):ocfs2_local_alloc_slide_window:1302 ERROR: status = -12
[   65.428496][ T3062] (syz.3.16,3062,1):ocfs2_local_alloc_slide_window:1321 ERROR: status = -12
[   65.437745][ T3062] (syz.3.16,3062,1):ocfs2_reserve_local_alloc_bits:671 ERROR: status = -12
[   65.446786][ T3062] (syz.3.16,3062,1):ocfs2_reserve_local_alloc_bits:709 ERROR: status = -12
[   65.455582][ T3062] (syz.3.16,3062,1):ocfs2_reserve_clusters_with_limit:1166 ERROR: status = -12
[   65.464640][ T3062] (syz.3.16,3062,1):ocfs2_reserve_clusters_with_limit:1215 ERROR: status = -12
[   65.473948][ T3062] (syz.3.16,3062,1):ocfs2_mknod:357 ERROR: status = -12
[   65.481452][ T3062] (syz.3.16,3062,1):ocfs2_mknod:502 ERROR: status = -12
[   65.488563][ T3062] (syz.3.16,3062,1):ocfs2_mkdir:659 ERROR: status = -12
[   65.499999][ T2643] ocfs2: Unmounting device (7,3) on (node local)
[   65.690533][ T3067] loop3: detected capacity change from 0 to 32768
[   65.754824][ T3067] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[   65.765175][ T3067] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[   65.778360][ T3067] ==================================================================
[   65.786616][ T3067] BUG: KASAN: use-after-free in ocfs2_claim_suballoc_bits+0x1386/0x1860
[   65.795229][ T3067] Read of size 4 at addr ffff888062ded000 by task syz.3.17/3067
[   65.803121][ T3067]
[   65.805458][ T3067] CPU: 0 PID: 3067 Comm: syz.3.17 Not tainted 5.15.182-syzkaller #0
[   65.813682][ T3067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   65.824229][ T3067] Call Trace:
[   65.827730][ T3067]
[   65.830667][ T3067]  dump_stack_lvl+0x41/0x5e
[   65.835181][ T3067]  print_address_description.constprop.0.cold+0x6c/0x309
[   65.842274][ T3067]  ? ocfs2_claim_suballoc_bits+0x1386/0x1860
[   65.848244][ T3067]  ? ocfs2_claim_suballoc_bits+0x1386/0x1860
[   65.854198][ T3067]  kasan_report.cold+0x83/0xdf
[   65.859215][ T3067]  ? ocfs2_claim_suballoc_bits+0x1386/0x1860
[   65.865261][ T3067]  ocfs2_claim_suballoc_bits+0x1386/0x1860
[   65.871144][ T3067]  ? ocfs2_search_chain+0x1960/0x1960
[   65.876676][ T3067]  ? percpu_rwsem_wait+0x200/0x3f0
[   65.881949][ T3067]  ? __jbd2_journal_temp_unlink_buffer+0x27c/0x450
[   65.888791][ T3067]  __ocfs2_claim_clusters+0x203/0x900
[   65.894161][ T3067]  ? ocfs2_sync_local_to_main+0x681/0x7c0
[   65.900082][ T3067]  ? ocfs2_which_cluster_group+0x220/0x220
[   65.906129][ T3067]  ? ocfs2_journal_dirty+0x9f/0x410
[   65.911400][ T3067]  ocfs2_local_alloc_slide_window+0x800/0x1710
[   65.917723][ T3067]  ? ocfs2_sync_local_to_main+0x7c0/0x7c0
[   65.923428][ T3067]  ? do_raw_spin_lock+0x120/0x2b0
[   65.928451][ T3067]  ? rwlock_bug.part.0+0x90/0x90
[   65.933364][ T3067]  ? memweight+0x92/0x110
[   65.938107][ T3067]  ocfs2_reserve_local_alloc_bits+0x292/0x9a0
[   65.944149][ T3067]  ? ocfs2_complete_local_alloc_recovery+0x400/0x400
[   65.950796][ T3067]  ? do_raw_spin_unlock+0x171/0x230
[   65.956261][ T3067]  ? _raw_spin_unlock+0x1a/0x30
[   65.961313][ T3067]  ocfs2_reserve_clusters_with_limit+0x3db/0x9a0
[   65.968460][ T3067]  ? ocfs2_reserve_cluster_bitmap_bits+0x170/0x170
[   65.975808][ T3067]  ? ocfs2_add_links_count+0xe0/0xe0
[   65.981625][ T3067]  ? find_held_lock+0x2d/0x110
[   65.987887][ T3067]  ? ocfs2_inode_lock_full_nested+0x356/0x19b0
[   65.994664][ T3067]  ocfs2_mknod+0x932/0x1b80
[   65.999756][ T3067]  ? ocfs2_symlink+0x3170/0x3170
[   66.004968][ T3067]  ? ocfs2_inode_unlock+0x154/0x220
[   66.010236][ T3067]  ? do_raw_spin_lock+0x120/0x2b0
[   66.015891][ T3067]  ? lock_downgrade+0x4f0/0x4f0
[   66.020830][ T3067]  ? do_raw_spin_lock+0x120/0x2b0
[   66.026166][ T3067]  ? lock_acquire+0x11a/0x250
[   66.030917][ T3067]  ? _raw_spin_unlock+0x1a/0x30
[   66.035754][ T3067]  ? put_pid.part.0+0x79/0x100
[   66.040714][ T3067]  ? ocfs2_permission+0xb7/0x140
[   66.045695][ T3067]  ocfs2_mkdir+0xb6/0x2e0
[   66.050054][ T3067]  ? ocfs2_mknod+0x1b80/0x1b80
[   66.054794][ T3067]  vfs_mkdir+0x1c4/0x3e0
[   66.059020][ T3067]  ? security_path_mkdir+0xc0/0x130
[   66.064211][ T3067]  do_mkdirat+0x210/0x280
[   66.068519][ T3067]  ? __ia32_sys_mknod+0xa0/0xa0
[   66.073465][ T3067]  ? getname_flags.part.0+0x89/0x440
[   66.078816][ T3067]  __x64_sys_mkdirat+0xef/0x140
[   66.083792][ T3067]  do_syscall_64+0x33/0x80
[   66.088382][ T3067]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   66.094451][ T3067] RIP: 0033:0x7f06738c1169
[   66.099034][ T3067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   66.119824][ T3067] RSP: 002b:00007f0673333038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[   66.129115][ T3067] RAX: ffffffffffffffda RBX: 00007f0673ad9fa0 RCX: 00007f06738c1169
[   66.137243][ T3067] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[   66.145737][ T3067] RBP: 00007f06739422a0 R08: 0000000000000000 R09: 0000000000000000
[   66.154088][ T3067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   66.162136][ T3067] R13: 0000000000000000 R14: 00007f0673ad9fa0 R15: 00007ffdff7bed48
[   66.170191][ T3067]
[   66.173203][ T3067]
[   66.175593][ T3067] The buggy address belongs to the page:
[   66.181212][ T3067] page:ffffea00018b7b40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x62ded
[   66.191795][ T3067] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   66.199082][ T3067] raw: 00fff00000000000 ffffea00018e4508 ffffea00018b87c8 0000000000000000
[   66.207854][ T3067] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   66.216608][ T3067] page dumped because: kasan: bad access detected
[   66.223106][ T3067] page_owner tracks the page as freed
[   66.228629][ T3067] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 3063, ts 65808566719, free_ts 65815654585
[   66.244677][ T3067]  get_page_from_freelist+0x1369/0x31f0
[   66.250321][ T3067]  __alloc_pages+0x1b2/0x440
[   66.255701][ T3067]  alloc_pages_vma+0xe0/0x650
[   66.260598][ T3067]  __handle_mm_fault+0x1d97/0x33a0
[   66.265905][ T3067]  handle_mm_fault+0x1c5/0x5b0
[   66.270934][ T3067]  do_user_addr_fault+0x298/0xc80
[   66.276324][ T3067]  exc_page_fault+0x5a/0xb0
[   66.281078][ T3067]  asm_exc_page_fault+0x22/0x30
[   66.286205][ T3067]  copy_user_enhanced_fast_string+0xe/0x40
[   66.292119][ T3067]  copy_page_to_iter+0x3d8/0xb60
[   66.297228][ T3067]  filemap_read+0x4e1/0xab0
[   66.302672][ T3067]  blkdev_read_iter+0xfb/0x180
[   66.307729][ T3067]  new_sync_read+0x35a/0x5f0
[   66.312488][ T3067]  vfs_read+0x209/0x470
[   66.316695][ T3067]  ksys_read+0xf4/0x1d0
[   66.320824][ T3067]  do_syscall_64+0x33/0x80
[   66.325220][ T3067] page last free stack trace:
[   66.329888][ T3067]  free_pcp_prepare+0x379/0x850
[   66.334806][ T3067]  free_unref_page_list+0x16f/0xbd0
[   66.340212][ T3067]  release_pages+0xb3a/0x1480
[   66.345393][ T3067]  tlb_finish_mmu+0x127/0x790
[   66.350062][ T3067]  unmap_region+0x298/0x390
[   66.354657][ T3067]  __do_munmap+0x47e/0x10d0
[   66.359144][ T3067]  __vm_munmap+0xd2/0x1a0
[   66.363843][ T3067]  __x64_sys_munmap+0x5d/0x80
[   66.368797][ T3067]  do_syscall_64+0x33/0x80
[   66.373284][ T3067]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   66.379287][ T3067]
[   66.381590][ T3067] Memory state around the buggy address:
[   66.387431][ T3067]  ffff888062decf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   66.395758][ T3067]  ffff888062decf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   66.404943][ T3067] >ffff888062ded000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.413603][ T3067]                    ^
[   66.417867][ T3067]  ffff888062ded080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.426589][ T3067]  ffff888062ded100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.434852][ T3067] ==================================================================
[   66.443203][ T3067] Disabling lock debugging due to kernel taint
[   66.450967][ T3067] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   66.458721][ T3067] Kernel Offset: disabled
[   66.463152][ T3067] Rebooting in 86400 seconds..