Warning: Permanently added '10.128.1.141' (ED25519) to the list of known hosts.
2025/08/16 02:39:53 ignoring optional flag "sandboxArg"="0"
2025/08/16 02:39:54 parsed 1 programs
[ 64.764640][ T2148] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/08/16 02:39:59 executed programs: 0
[ 72.763333][ T3072] loop3: detected capacity change from 0 to 32768
[ 72.808062][ T3072] =======================================================
[ 72.808062][ T3072] WARNING: The mand mount option has been deprecated and
[ 72.808062][ T3072] and is ignored by this kernel. Remove the mand
[ 72.808062][ T3072] option from the mount to silence this warning.
[ 72.808062][ T3072] =======================================================
[ 72.891272][ T3072] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[ 72.902198][ T3072] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 72.913377][ T3072] ==================================================================
[ 72.921462][ T3072] BUG: KASAN: use-after-free in ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 72.929807][ T3072] Read of size 4 at addr ffff888066d40000 by task syz.3.16/3072
[ 72.937591][ T3072]
[ 72.939934][ T3072] CPU: 0 PID: 3072 Comm: syz.3.16 Not tainted 5.15.189-syzkaller #0
[ 72.948001][ T3072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 72.958236][ T3072] Call Trace:
[ 72.961513][ T3072]
[ 72.964437][ T3072] dump_stack_lvl+0x41/0x5e
[ 72.968931][ T3072] print_address_description.constprop.0.cold+0x6c/0x309
[ 72.976120][ T3072] ? ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 72.982195][ T3072] ? ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 72.988359][ T3072] kasan_report.cold+0x83/0xdf
[ 72.993285][ T3072] ? ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 72.999261][ T3072] ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 73.005398][ T3072] ? jbd2_journal_dirty_metadata+0x4aa/0x8f0
[ 73.011467][ T3072] ? ocfs2_search_chain+0x1960/0x1960
[ 73.016925][ T3072] ? lock_downgrade+0x4f0/0x4f0
[ 73.021855][ T3072] ? __jbd2_journal_temp_unlink_buffer+0x27c/0x450
[ 73.028518][ T3072] __ocfs2_claim_clusters+0x203/0x900
[ 73.033972][ T3072] ? ocfs2_sync_local_to_main+0x681/0x7c0
[ 73.039931][ T3072] ? ocfs2_which_cluster_group+0x220/0x220
[ 73.045827][ T3072] ? ocfs2_journal_dirty+0x9f/0x410
[ 73.051029][ T3072] ocfs2_local_alloc_slide_window+0x800/0x1710
[ 73.057180][ T3072] ? ocfs2_sync_local_to_main+0x7c0/0x7c0
[ 73.063050][ T3072] ? do_raw_spin_lock+0x120/0x2b0
[ 73.068126][ T3072] ? rwlock_bug.part.0+0x90/0x90
[ 73.073292][ T3072] ? memweight+0x92/0x110
[ 73.077935][ T3072] ocfs2_reserve_local_alloc_bits+0x292/0x9a0
[ 73.084136][ T3072] ? ocfs2_complete_local_alloc_recovery+0x400/0x400
[ 73.090826][ T3072] ? do_raw_spin_unlock+0x171/0x230
[ 73.096212][ T3072] ? _raw_spin_unlock+0x1a/0x30
[ 73.101405][ T3072] ocfs2_reserve_clusters_with_limit+0x3db/0x9a0
[ 73.108006][ T3072] ? ocfs2_reserve_cluster_bitmap_bits+0x170/0x170
[ 73.115203][ T3072] ? ocfs2_add_links_count+0xe0/0xe0
[ 73.121059][ T3072] ? find_held_lock+0x2d/0x110
[ 73.125822][ T3072] ? ocfs2_inode_lock_full_nested+0x356/0x19b0
[ 73.131968][ T3072] ocfs2_mknod+0x932/0x1b80
[ 73.136462][ T3072] ? ocfs2_symlink+0x3170/0x3170
[ 73.141508][ T3072] ? ocfs2_inode_unlock+0x154/0x220
[ 73.146698][ T3072] ? do_raw_spin_lock+0x120/0x2b0
[ 73.151710][ T3072] ? lock_downgrade+0x4f0/0x4f0
[ 73.156800][ T3072] ? do_raw_spin_lock+0x120/0x2b0
[ 73.161932][ T3072] ? lock_acquire+0x11a/0x250
[ 73.166611][ T3072] ? _raw_spin_unlock+0x1a/0x30
[ 73.171609][ T3072] ? put_pid.part.0+0x79/0x100
[ 73.176532][ T3072] ? ocfs2_permission+0xb7/0x140
[ 73.181475][ T3072] ocfs2_mkdir+0xb6/0x2e0
[ 73.185883][ T3072] ? ocfs2_mknod+0x1b80/0x1b80
[ 73.190928][ T3072] vfs_mkdir+0x1c4/0x3e0
[ 73.195165][ T3072] ? security_path_mkdir+0xc0/0x130
[ 73.200463][ T3072] do_mkdirat+0x210/0x280
[ 73.204870][ T3072] ? __ia32_sys_mknod+0xa0/0xa0
[ 73.209707][ T3072] ? getname_flags.part.0+0x89/0x440
[ 73.215101][ T3072] __x64_sys_mkdirat+0xef/0x140
[ 73.219946][ T3072] do_syscall_64+0x33/0x80
[ 73.224363][ T3072] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 73.230288][ T3072] RIP: 0033:0x7fbe3f73b169
[ 73.234779][ T3072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 73.254581][ T3072] RSP: 002b:00007fbe3f1ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 73.263251][ T3072] RAX: ffffffffffffffda RBX: 00007fbe3f953fa0 RCX: 00007fbe3f73b169
[ 73.271235][ T3072] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[ 73.279288][ T3072] RBP: 00007fbe3f7bc2a0 R08: 0000000000000000 R09: 0000000000000000
[ 73.287251][ T3072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 73.295212][ T3072] R13: 0000000000000000 R14: 00007fbe3f953fa0 R15: 00007ffcaf7354a8
[ 73.303188][ T3072]
[ 73.306202][ T3072]
[ 73.308600][ T3072] The buggy address belongs to the page:
[ 73.314223][ T3072] page:ffffea00019b5000 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x66d40
[ 73.324564][ T3072] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 73.331683][ T3072] raw: 00fff00000000000 ffffea0001a1ebc8 ffffea0001ff2c88 0000000000000000
[ 73.340282][ T3072] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 73.348981][ T3072] page dumped because: kasan: bad access detected
[ 73.355429][ T3072] page_owner tracks the page as freed
[ 73.361003][ T3072] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100cca(GFP_HIGHUSER_MOVABLE), pid 2646, ts 69156513752, free_ts 69337998151
[ 73.375715][ T3072] get_page_from_freelist+0x1369/0x31f0
[ 73.381268][ T3072] __alloc_pages+0x1b2/0x440
[ 73.385872][ T3072] alloc_pages_vma+0xe0/0x650
[ 73.390549][ T3072] __handle_mm_fault+0xc8f/0x33a0
[ 73.395710][ T3072] handle_mm_fault+0x1c5/0x5b0
[ 73.400479][ T3072] do_user_addr_fault+0x298/0xc80
[ 73.405871][ T3072] exc_page_fault+0x5a/0xb0
[ 73.410631][ T3072] asm_exc_page_fault+0x22/0x30
[ 73.415727][ T3072] page last free stack trace:
[ 73.420393][ T3072] free_pcp_prepare+0x379/0x850
[ 73.425327][ T3072] free_unref_page_list+0x16f/0xbd0
[ 73.430706][ T3072] release_pages+0xb3a/0x1480
[ 73.435558][ T3072] tlb_finish_mmu+0x127/0x790
[ 73.440225][ T3072] exit_mmap+0x1b7/0x5d0
[ 73.444461][ T3072] mmput+0xd6/0x400
[ 73.448267][ T3072] do_exit+0x88c/0x2200
[ 73.452434][ T3072] do_group_exit+0xe7/0x290
[ 73.456966][ T3072] get_signal+0x279/0x1f70
[ 73.461494][ T3072] arch_do_signal_or_restart+0x2b5/0x17b0
[ 73.467319][ T3072] exit_to_user_mode_prepare+0xf2/0x160
[ 73.472900][ T3072] syscall_exit_to_user_mode+0x12/0x30
[ 73.478624][ T3072] do_syscall_64+0x40/0x80
[ 73.483090][ T3072] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 73.489217][ T3072]
[ 73.491545][ T3072] Memory state around the buggy address:
[ 73.497438][ T3072] ffff888066d3ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 73.506593][ T3072] ffff888066d3ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 73.514737][ T3072] >ffff888066d40000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 73.523101][ T3072] ^
[ 73.527276][ T3072] ffff888066d40080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 73.535437][ T3072] ffff888066d40100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 73.543838][ T3072] ==================================================================
[ 73.552015][ T3072] Disabling lock debugging due to kernel taint
[ 73.558809][ T3072] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 73.566357][ T3072] Kernel Offset: disabled
[ 73.571115][ T3072] Rebooting in 86400 seconds..