Warning: Permanently added '10.128.1.41' (ED25519) to the list of known hosts.
2025/09/20 11:01:35 parsed 1 programs
[ 57.008311][ T2148] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/09/20 11:01:39 executed programs: 0
[ 63.592719][ T3072] loop3: detected capacity change from 0 to 32768
[ 63.633886][ T3072] =======================================================
[ 63.633886][ T3072] WARNING: The mand mount option has been deprecated and
[ 63.633886][ T3072] and is ignored by this kernel. Remove the mand
[ 63.633886][ T3072] option from the mount to silence this warning.
[ 63.633886][ T3072] =======================================================
[ 63.726695][ T3072] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[ 63.737448][ T3072] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 63.748471][ T3072] ==================================================================
[ 63.756640][ T3072] BUG: KASAN: use-after-free in ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 63.764959][ T3072] Read of size 4 at addr ffff888066e55000 by task syz.3.16/3072
[ 63.772569][ T3072]
[ 63.774896][ T3072] CPU: 1 PID: 3072 Comm: syz.3.16 Not tainted syzkaller #0
[ 63.782146][ T3072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 63.792196][ T3072] Call Trace:
[ 63.795467][ T3072]
[ 63.798383][ T3072] dump_stack_lvl+0x41/0x5e
[ 63.802855][ T3072] print_address_description.constprop.0.cold+0x6c/0x309
[ 63.809933][ T3072] ? ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 63.815876][ T3072] ? ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 63.821828][ T3072] kasan_report.cold+0x83/0xdf
[ 63.826574][ T3072] ? ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 63.832518][ T3072] ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 63.838300][ T3072] ? jbd2_journal_dirty_metadata+0x4aa/0x8f0
[ 63.844265][ T3072] ? ocfs2_search_chain+0x1960/0x1960
[ 63.849606][ T3072] ? lock_downgrade+0x4f0/0x4f0
[ 63.854425][ T3072] ? __jbd2_journal_temp_unlink_buffer+0x27c/0x450
[ 63.860894][ T3072] __ocfs2_claim_clusters+0x203/0x900
[ 63.866254][ T3072] ? ocfs2_sync_local_to_main+0x681/0x7c0
[ 63.871942][ T3072] ? ocfs2_which_cluster_group+0x220/0x220
[ 63.877715][ T3072] ? ocfs2_journal_dirty+0x9f/0x410
[ 63.882889][ T3072] ocfs2_local_alloc_slide_window+0x800/0x1710
[ 63.889023][ T3072] ? ocfs2_sync_local_to_main+0x7c0/0x7c0
[ 63.894840][ T3072] ? do_raw_spin_lock+0x120/0x2b0
[ 63.899829][ T3072] ? rwlock_bug.part.0+0x90/0x90
[ 63.904736][ T3072] ? memweight+0x92/0x110
[ 63.909049][ T3072] ocfs2_reserve_local_alloc_bits+0x292/0x9a0
[ 63.915345][ T3072] ? ocfs2_complete_local_alloc_recovery+0x400/0x400
[ 63.921998][ T3072] ? do_raw_spin_unlock+0x171/0x230
[ 63.927164][ T3072] ? _raw_spin_unlock+0x1a/0x30
[ 63.932008][ T3072] ocfs2_reserve_clusters_with_limit+0x3db/0x9a0
[ 63.938316][ T3072] ? ocfs2_reserve_cluster_bitmap_bits+0x170/0x170
[ 63.944788][ T3072] ? ocfs2_add_links_count+0xe0/0xe0
[ 63.950131][ T3072] ? find_held_lock+0x2d/0x110
[ 63.954878][ T3072] ? ocfs2_inode_lock_full_nested+0x356/0x19b0
[ 63.961002][ T3072] ocfs2_mknod+0x932/0x1b80
[ 63.965559][ T3072] ? ocfs2_symlink+0x3170/0x3170
[ 63.970466][ T3072] ? ocfs2_inode_unlock+0x154/0x220
[ 63.975632][ T3072] ? do_raw_spin_lock+0x120/0x2b0
[ 63.980626][ T3072] ? lock_downgrade+0x4f0/0x4f0
[ 63.985443][ T3072] ? do_raw_spin_lock+0x120/0x2b0
[ 63.990430][ T3072] ? lock_acquire+0x11a/0x250
[ 63.995071][ T3072] ? _raw_spin_unlock+0x1a/0x30
[ 63.999887][ T3072] ? put_pid.part.0+0x79/0x100
[ 64.004617][ T3072] ? ocfs2_permission+0xb7/0x140
[ 64.009521][ T3072] ocfs2_mkdir+0xb6/0x2e0
[ 64.013820][ T3072] ? ocfs2_mknod+0x1b80/0x1b80
[ 64.018548][ T3072] vfs_mkdir+0x1c4/0x3e0
[ 64.022763][ T3072] ? security_path_mkdir+0xc0/0x130
[ 64.027934][ T3072] do_mkdirat+0x210/0x280
[ 64.032237][ T3072] ? __ia32_sys_mknod+0xa0/0xa0
[ 64.037337][ T3072] ? getname_flags.part.0+0x89/0x440
[ 64.042683][ T3072] __x64_sys_mkdirat+0xef/0x140
[ 64.047506][ T3072] do_syscall_64+0x33/0x80
[ 64.051893][ T3072] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 64.057868][ T3072] RIP: 0033:0x7f0ee68ba169
[ 64.062252][ T3072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 64.081829][ T3072] RSP: 002b:00007f0ee632c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 64.090211][ T3072] RAX: ffffffffffffffda RBX: 00007f0ee6ad2fa0 RCX: 00007f0ee68ba169
[ 64.098152][ T3072] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[ 64.106090][ T3072] RBP: 00007f0ee693b2a0 R08: 0000000000000000 R09: 0000000000000000
[ 64.114029][ T3072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 64.121984][ T3072] R13: 0000000000000000 R14: 00007f0ee6ad2fa0 R15: 00007fff3e7e5f78
[ 64.129923][ T3072]
[ 64.132912][ T3072]
[ 64.135206][ T3072] The buggy address belongs to the page:
[ 64.140902][ T3072] page:ffffea00019b9540 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x66e55
[ 64.151149][ T3072] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 64.158224][ T3072] raw: 00fff00000000000 ffffea00019b9408 ffffea00019b8808 0000000000000000
[ 64.166950][ T3072] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 64.175494][ T3072] page dumped because: kasan: bad access detected
[ 64.181876][ T3072] page_owner tracks the page as freed
[ 64.187215][ T3072] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 2163, ts 63759784875, free_ts 63765805283
[ 64.202717][ T3072] get_page_from_freelist+0x1369/0x31f0
[ 64.208230][ T3072] __alloc_pages+0x1b2/0x440
[ 64.212785][ T3072] alloc_pages_vma+0xe0/0x650
[ 64.217605][ T3072] __handle_mm_fault+0x1d97/0x33a0
[ 64.222716][ T3072] handle_mm_fault+0x1c5/0x5b0
[ 64.227448][ T3072] do_user_addr_fault+0x298/0xc80
[ 64.232440][ T3072] exc_page_fault+0x5a/0xb0
[ 64.236928][ T3072] asm_exc_page_fault+0x22/0x30
[ 64.241770][ T3072] copy_user_enhanced_fast_string+0xe/0x40
[ 64.247638][ T3072] copy_page_to_iter+0x3d8/0xb60
[ 64.252575][ T3072] filemap_read+0x4e1/0xab0
[ 64.257062][ T3072] blkdev_read_iter+0xfb/0x180
[ 64.261976][ T3072] new_sync_read+0x35a/0x5f0
[ 64.266535][ T3072] vfs_read+0x209/0x470
[ 64.270654][ T3072] ksys_read+0xf4/0x1d0
[ 64.274775][ T3072] do_syscall_64+0x33/0x80
[ 64.279173][ T3072] page last free stack trace:
[ 64.283816][ T3072] free_pcp_prepare+0x379/0x850
[ 64.288988][ T3072] free_unref_page_list+0x16f/0xbd0
[ 64.294152][ T3072] release_pages+0xb3a/0x1480
[ 64.298793][ T3072] tlb_finish_mmu+0x127/0x790
[ 64.303454][ T3072] unmap_region+0x298/0x390
[ 64.307931][ T3072] __do_munmap+0x47e/0x10d0
[ 64.312395][ T3072] __vm_munmap+0xd2/0x1a0
[ 64.316739][ T3072] __x64_sys_munmap+0x5d/0x80
[ 64.321467][ T3072] do_syscall_64+0x33/0x80
[ 64.325850][ T3072] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 64.331707][ T3072]
[ 64.334000][ T3072] Memory state around the buggy address:
[ 64.339615][ T3072] ffff888066e54f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.347640][ T3072] ffff888066e54f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.355667][ T3072] >ffff888066e55000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.363706][ T3072] ^
[ 64.367742][ T3072] ffff888066e55080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.375778][ T3072] ffff888066e55100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.383801][ T3072] ==================================================================
[ 64.391838][ T3072] Disabling lock debugging due to kernel taint
[ 64.398166][ T3072] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 64.405849][ T3072] Kernel Offset: disabled
[ 64.410160][ T3072] Rebooting in 86400 seconds..