Warning: Permanently added '10.128.1.209' (ED25519) to the list of known hosts.
2025/10/29 12:26:28 parsed 1 programs
[ 55.725507][ T2149] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/10/29 12:26:32 executed programs: 0
[ 62.378860][ T3068] loop3: detected capacity change from 0 to 32768
[ 62.460669][ T3068] =======================================================
[ 62.460669][ T3068] WARNING: The mand mount option has been deprecated and
[ 62.460669][ T3068] and is ignored by this kernel. Remove the mand
[ 62.460669][ T3068] option from the mount to silence this warning.
[ 62.460669][ T3068] =======================================================
[ 62.544072][ T3068] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[ 62.555016][ T3068] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 62.565962][ T3068] ==================================================================
[ 62.574025][ T3068] BUG: KASAN: use-after-free in ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 62.582344][ T3068] Read of size 4 at addr ffff888062fb6000 by task syz.3.16/3068
[ 62.590070][ T3068]
[ 62.592552][ T3068] CPU: 1 PID: 3068 Comm: syz.3.16 Not tainted syzkaller #0
[ 62.599726][ T3068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 62.609771][ T3068] Call Trace:
[ 62.613127][ T3068]
[ 62.616156][ T3068] dump_stack_lvl+0x41/0x5e
[ 62.620719][ T3068] print_address_description.constprop.0.cold+0x6c/0x309
[ 62.627713][ T3068] ? ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 62.633685][ T3068] ? ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 62.639629][ T3068] kasan_report.cold+0x83/0xdf
[ 62.644362][ T3068] ? ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 62.650306][ T3068] ocfs2_claim_suballoc_bits+0x1386/0x1860
[ 62.656083][ T3068] ? jbd2_journal_dirty_metadata+0x4aa/0x8f0
[ 62.662034][ T3068] ? ocfs2_search_chain+0x1960/0x1960
[ 62.667372][ T3068] ? lock_downgrade+0x4f0/0x4f0
[ 62.672204][ T3068] ? __jbd2_journal_temp_unlink_buffer+0x27c/0x450
[ 62.678784][ T3068] __ocfs2_claim_clusters+0x203/0x900
[ 62.684134][ T3068] ? ocfs2_sync_local_to_main+0x681/0x7c0
[ 62.689872][ T3068] ? ocfs2_which_cluster_group+0x220/0x220
[ 62.695650][ T3068] ? ocfs2_journal_dirty+0x9f/0x410
[ 62.700828][ T3068] ocfs2_local_alloc_slide_window+0x800/0x1710
[ 62.706951][ T3068] ? ocfs2_sync_local_to_main+0x7c0/0x7c0
[ 62.712658][ T3068] ? do_raw_spin_lock+0x120/0x2b0
[ 62.717788][ T3068] ? rwlock_bug.part.0+0x90/0x90
[ 62.722692][ T3068] ? memweight+0x92/0x110
[ 62.726990][ T3068] ocfs2_reserve_local_alloc_bits+0x292/0x9a0
[ 62.733022][ T3068] ? ocfs2_complete_local_alloc_recovery+0x400/0x400
[ 62.739664][ T3068] ? do_raw_spin_unlock+0x171/0x230
[ 62.744830][ T3068] ? _raw_spin_unlock+0x1a/0x30
[ 62.749658][ T3068] ocfs2_reserve_clusters_with_limit+0x3db/0x9a0
[ 62.755983][ T3068] ? ocfs2_reserve_cluster_bitmap_bits+0x170/0x170
[ 62.762450][ T3068] ? ocfs2_add_links_count+0xe0/0xe0
[ 62.767791][ T3068] ? find_held_lock+0x2d/0x110
[ 62.772611][ T3068] ? ocfs2_inode_lock_full_nested+0x356/0x19b0
[ 62.778732][ T3068] ocfs2_mknod+0x932/0x1b80
[ 62.783215][ T3068] ? ocfs2_symlink+0x3170/0x3170
[ 62.788122][ T3068] ? ocfs2_inode_unlock+0x154/0x220
[ 62.793392][ T3068] ? do_raw_spin_lock+0x120/0x2b0
[ 62.798492][ T3068] ? lock_downgrade+0x4f0/0x4f0
[ 62.803306][ T3068] ? do_raw_spin_lock+0x120/0x2b0
[ 62.808294][ T3068] ? lock_acquire+0x11a/0x250
[ 62.812931][ T3068] ? _raw_spin_unlock+0x1a/0x30
[ 62.817770][ T3068] ? put_pid.part.0+0x79/0x100
[ 62.822498][ T3068] ? ocfs2_permission+0xb7/0x140
[ 62.827403][ T3068] ocfs2_mkdir+0xb6/0x2e0
[ 62.831697][ T3068] ? ocfs2_mknod+0x1b80/0x1b80
[ 62.836428][ T3068] vfs_mkdir+0x1c4/0x3e0
[ 62.840633][ T3068] ? security_path_mkdir+0xc0/0x130
[ 62.845797][ T3068] do_mkdirat+0x210/0x280
[ 62.850088][ T3068] ? __ia32_sys_mknod+0xa0/0xa0
[ 62.854904][ T3068] ? getname_flags.part.0+0x89/0x440
[ 62.860254][ T3068] __x64_sys_mkdirat+0xef/0x140
[ 62.865075][ T3068] do_syscall_64+0x33/0x80
[ 62.869592][ T3068] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.875463][ T3068] RIP: 0033:0x7f8c8faff169
[ 62.880113][ T3068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 62.899774][ T3068] RSP: 002b:00007f8c8f571038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 62.908162][ T3068] RAX: ffffffffffffffda RBX: 00007f8c8fd17fa0 RCX: 00007f8c8faff169
[ 62.916102][ T3068] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[ 62.924306][ T3068] RBP: 00007f8c8fb802a0 R08: 0000000000000000 R09: 0000000000000000
[ 62.932436][ T3068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 62.940553][ T3068] R13: 0000000000000000 R14: 00007f8c8fd17fa0 R15: 00007ffc0c8b1f18
[ 62.948581][ T3068]
[ 62.951570][ T3068]
[ 62.953876][ T3068] The buggy address belongs to the page:
[ 62.959481][ T3068] page:ffffea00018bed80 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x62fb6
[ 62.969623][ T3068] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 62.976803][ T3068] raw: 00fff00000000000 ffffea00018bf0c8 ffffea00018bee08 0000000000000000
[ 62.985398][ T3068] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 62.994329][ T3068] page dumped because: kasan: bad access detected
[ 63.000729][ T3068] page_owner tracks the page as freed
[ 63.006065][ T3068] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 2582, ts 62553026343, free_ts 62559555067
[ 63.021747][ T3068] get_page_from_freelist+0x1369/0x31f0
[ 63.027492][ T3068] __alloc_pages+0x1b2/0x440
[ 63.032252][ T3068] alloc_pages_vma+0xe0/0x650
[ 63.036986][ T3068] __handle_mm_fault+0x1d97/0x33a0
[ 63.042155][ T3068] handle_mm_fault+0x1c5/0x5b0
[ 63.047021][ T3068] do_user_addr_fault+0x298/0xc80
[ 63.052040][ T3068] exc_page_fault+0x5a/0xb0
[ 63.056515][ T3068] asm_exc_page_fault+0x22/0x30
[ 63.061347][ T3068] copy_user_enhanced_fast_string+0xe/0x40
[ 63.067126][ T3068] copy_page_to_iter+0x3d8/0xb60
[ 63.072066][ T3068] filemap_read+0x4e1/0xab0
[ 63.076552][ T3068] blkdev_read_iter+0xfb/0x180
[ 63.081291][ T3068] new_sync_read+0x35a/0x5f0
[ 63.085973][ T3068] vfs_read+0x209/0x470
[ 63.090463][ T3068] ksys_read+0xf4/0x1d0
[ 63.094614][ T3068] do_syscall_64+0x33/0x80
[ 63.099020][ T3068] page last free stack trace:
[ 63.103664][ T3068] free_pcp_prepare+0x379/0x850
[ 63.108494][ T3068] free_unref_page_list+0x16f/0xbd0
[ 63.113662][ T3068] release_pages+0xb3a/0x1480
[ 63.118398][ T3068] tlb_finish_mmu+0x127/0x790
[ 63.123052][ T3068] unmap_region+0x298/0x390
[ 63.127537][ T3068] __do_munmap+0x47e/0x10d0
[ 63.132012][ T3068] __vm_munmap+0xd2/0x1a0
[ 63.136320][ T3068] __x64_sys_munmap+0x5d/0x80
[ 63.140975][ T3068] do_syscall_64+0x33/0x80
[ 63.145367][ T3068] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 63.151234][ T3068]
[ 63.153556][ T3068] Memory state around the buggy address:
[ 63.159165][ T3068] ffff888062fb5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.167299][ T3068] ffff888062fb5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.175344][ T3068] >ffff888062fb6000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 63.183381][ T3068] ^
[ 63.187539][ T3068] ffff888062fb6080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 63.195836][ T3068] ffff888062fb6100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 63.203997][ T3068] ==================================================================
[ 63.212122][ T3068] Disabling lock debugging due to kernel taint
[ 63.219182][ T3068] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 63.226643][ T3068] Kernel Offset: disabled
[ 63.230978][ T3068] Rebooting in 86400 seconds..