./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2225255430
<...>
Warning: Permanently added '10.128.1.125' (ED25519) to the list of known hosts.
execve("./syz-executor2225255430", ["./syz-executor2225255430"], 0x7ffcd5e3ee60 /* 10 vars */) = 0
brk(NULL) = 0x55558b187000
brk(0x55558b187e00) = 0x55558b187e00
arch_prctl(ARCH_SET_FS, 0x55558b187480) = 0
set_tid_address(0x55558b187750) = 5824
set_robust_list(0x55558b187760, 24) = 0
rseq(0x55558b187da0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2225255430", 4096) = 28
getrandom("\xf0\x36\x43\xf4\x48\x21\xcc\x36", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55558b187e00
brk(0x55558b1a8e00) = 0x55558b1a8e00
brk(0x55558b1a9000) = 0x55558b1a9000
mprotect(0x7fa471f19000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7fa471e6ca60, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fa471e74eb0}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7fa471e6ca60, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fa471e74eb0}, NULL, 8) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
./strace-static-x86_64: Process 5825 attached
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b187750) = 5825
[pid 5825] set_robust_list(0x55558b187760, 24) = 0
[pid 5825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5825] setpgid(0, 0) = 0
[pid 5825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5825] write(3, "1000", 4) = 4
[pid 5825] close(3) = 0
[pid 5825] write(1, "executing program\n", 18) = 18
executing program
[pid 5825] memfd_create("syzkaller", 0) = 3
[pid 5825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa469a00000
[pid 5825] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216
[pid 5825] munmap(0x7fa469a00000, 138412032) = 0
[pid 5825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5825] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5825] close(3) = 0
[pid 5825] close(4) = 0
[pid 5825] mkdir("./file1", 0777) = 0
[ 88.601536][ T5825] loop0: detected capacity change from 0 to 32768
[pid 5825] mount("/dev/loop0", "./file1", "ocfs2", 0, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0
[pid 5825] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 5825] chdir("./file1") = 0
[pid 5825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 88.648231][ T5825] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 88.719672][ T5825] ==================================================================
[ 88.727750][ T5825] BUG: KASAN: use-after-free in ocfs2_claim_suballoc_bits+0x8b2/0x2450
[ 88.736021][ T5825] Read of size 4 at addr ffff888071dd6000 by task syz-executor222/5825
[ 88.744252][ T5825]
[ 88.746593][ T5825] CPU: 1 UID: 0 PID: 5825 Comm: syz-executor222 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full)
[ 88.746611][ T5825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 88.746623][ T5825] Call Trace:
[ 88.746632][ T5825]
[ 88.746638][ T5825] dump_stack_lvl+0x189/0x250
[ 88.746661][ T5825] ? __virt_addr_valid+0x1c8/0x5c0
[ 88.746679][ T5825] ? rcu_is_watching+0x15/0xb0
[ 88.746694][ T5825] ? __kasan_check_byte+0x12/0x40
[ 88.746717][ T5825] ? __pfx_dump_stack_lvl+0x10/0x10
[ 88.746736][ T5825] ? rcu_is_watching+0x15/0xb0
[ 88.746751][ T5825] ? lock_release+0x4b/0x3e0
[ 88.746766][ T5825] ? __virt_addr_valid+0x1c8/0x5c0
[ 88.746784][ T5825] ? __virt_addr_valid+0x4a5/0x5c0
[ 88.746803][ T5825] print_report+0xd2/0x2b0
[ 88.746819][ T5825] ? ocfs2_claim_suballoc_bits+0x8b2/0x2450
[ 88.746834][ T5825] kasan_report+0x118/0x150
[ 88.746856][ T5825] ? ocfs2_claim_suballoc_bits+0x8b2/0x2450
[ 88.746874][ T5825] ocfs2_claim_suballoc_bits+0x8b2/0x2450
[ 88.746893][ T5825] ? check_path+0x21/0x40
[ 88.746911][ T5825] ? __pfx_ocfs2_claim_suballoc_bits+0x10/0x10
[ 88.746925][ T5825] ? lockdep_unlock+0x89/0x120
[ 88.746936][ T5825] ? validate_chain+0x897/0x2140
[ 88.746961][ T5825] ? __lock_acquire+0xab9/0xd20
[ 88.746977][ T5825] ocfs2_claim_new_inode+0x332/0x7a0
[ 88.746995][ T5825] ? __pfx_ocfs2_claim_new_inode+0x10/0x10
[ 88.747012][ T5825] ? _raw_spin_lock_irq+0xae/0xf0
[ 88.747035][ T5825] ? __pfx__raw_spin_lock_irq+0x10/0x10
[ 88.747059][ T5825] ocfs2_mknod_locked+0x100/0x250
[ 88.747074][ T5825] ? __pfx_ocfs2_mknod_locked+0x10/0x10
[ 88.747086][ T5825] ? dquot_alloc_inode+0x216/0xa50
[ 88.747101][ T5825] ? ocfs2_block_signals+0x94/0xe0
[ 88.747121][ T5825] ? __pfx_ocfs2_block_signals+0x10/0x10
[ 88.747142][ T5825] ? ocfs2_init_security_get+0x132/0x1a0
[ 88.747160][ T5825] ocfs2_mknod+0x10c7/0x2050
[ 88.747178][ T5825] ? __pfx_ocfs2_mknod+0x10/0x10
[ 88.747190][ T5825] ? do_raw_spin_unlock+0x122/0x240
[ 88.747210][ T5825] ? ocfs2_inode_lock_full_nested+0xabe/0x1b40
[ 88.747237][ T5825] ? __lock_acquire+0xab9/0xd20
[ 88.747258][ T5825] ? __lock_acquire+0xab9/0xd20
[ 88.747272][ T5825] ? smack_log+0xef/0x3f0
[ 88.747291][ T5825] ? __pfx_smack_log+0x10/0x10
[ 88.747308][ T5825] ? do_raw_spin_lock+0x121/0x290
[ 88.747326][ T5825] ? smk_access+0x14c/0x4e0
[ 88.747346][ T5825] ? smk_tskacc+0x2fc/0x370
[ 88.747366][ T5825] ? smack_inode_permission+0x28f/0x320
[ 88.747388][ T5825] ocfs2_mkdir+0x191/0x440
[ 88.747401][ T5825] ? __pfx_ocfs2_mkdir+0x10/0x10
[ 88.747412][ T5825] ? HAS_UNMAPPED_ID+0x11a/0x180
[ 88.747428][ T5825] ? bpf_lsm_inode_mkdir+0x9/0x20
[ 88.747442][ T5825] vfs_mkdir+0x306/0x510
[ 88.747461][ T5825] do_mkdirat+0x247/0x590
[ 88.747480][ T5825] ? __pfx_do_mkdirat+0x10/0x10
[ 88.747499][ T5825] ? getname_flags+0x1e5/0x540
[ 88.747513][ T5825] __x64_sys_mkdirat+0x87/0xa0
[ 88.747532][ T5825] do_syscall_64+0xfa/0x3b0
[ 88.747545][ T5825] ? lockdep_hardirqs_on+0x9c/0x150
[ 88.747557][ T5825] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.747571][ T5825] ? clear_bhb_loop+0x60/0xb0
[ 88.747586][ T5825] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.747599][ T5825] RIP: 0033:0x7fa471ea1f59
[ 88.747619][ T5825] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 88.747633][ T5825] RSP: 002b:00007ffddee82338 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 88.747647][ T5825] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa471ea1f59
[ 88.747657][ T5825] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 00000000ffffff9c
[ 88.747666][ T5825] RBP: 0000000000000000 R08: 0000000000004457 R09: 00007ffddee82370
[ 88.747674][ T5825] R10: 00007ffddee82200 R11: 0000000000000246 R12: 00007ffddee82370
[ 88.747684][ T5825] R13: 00007ffddee825f8 R14: 431bde82d7b634db R15: 00007fa471eea03b
[ 88.747700][ T5825]
[ 88.747704][ T5825]
[ 89.129989][ T5825] The buggy address belongs to the physical page:
[ 89.136403][ T5825] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x71dd6
[ 89.145158][ T5825] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 89.152275][ T5825] raw: 00fff00000000000 ffffea0001c775c8 ffff8880b8741470 0000000000000000
[ 89.160852][ T5825] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 89.169422][ T5825] page dumped because: kasan: bad access detected
[ 89.175827][ T5825] page_owner tracks the page as freed
[ 89.181181][ T5825] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xcc0(GFP_KERNEL), pid 1, tgid 1 (swapper/0), ts 26692944343, free_ts 28787811005
[ 89.196197][ T5825] post_alloc_hook+0x240/0x2a0
[ 89.200960][ T5825] split_free_pages+0xd7/0x2f0
[ 89.205723][ T5825] alloc_contig_range_noprof+0xd29/0x1210
[ 89.211438][ T5825] alloc_contig_pages_noprof+0x47b/0x5a0
[ 89.217068][ T5825] debug_vm_pgtable_alloc_huge_page+0xb5/0x110
[ 89.223220][ T5825] init_args+0x95f/0xd70
[ 89.227460][ T5825] debug_vm_pgtable+0xc0/0x450
[ 89.232218][ T5825] do_one_initcall+0x233/0x820
[ 89.236989][ T5825] do_initcall_level+0x137/0x1f0
[ 89.241918][ T5825] do_initcalls+0x69/0xd0
[ 89.246243][ T5825] kernel_init_freeable+0x3d9/0x570
[ 89.251442][ T5825] kernel_init+0x1d/0x1d0
[ 89.255768][ T5825] ret_from_fork+0x3fc/0x770
[ 89.260353][ T5825] ret_from_fork_asm+0x1a/0x30
[ 89.265114][ T5825] page last free pid 1 tgid 1 stack trace:
[ 89.270909][ T5825] __free_frozen_pages+0xc65/0xe50
[ 89.276018][ T5825] free_contig_range+0x1bd/0x4a0
[ 89.280954][ T5825] destroy_args+0x7e/0x5d0
[ 89.285370][ T5825] debug_vm_pgtable+0x412/0x450
[ 89.290236][ T5825] do_one_initcall+0x233/0x820
[ 89.294990][ T5825] do_initcall_level+0x137/0x1f0
[ 89.299920][ T5825] do_initcalls+0x69/0xd0
[ 89.304247][ T5825] kernel_init_freeable+0x3d9/0x570
[ 89.309435][ T5825] kernel_init+0x1d/0x1d0
[ 89.313760][ T5825] ret_from_fork+0x3fc/0x770
[ 89.318367][ T5825] ret_from_fork_asm+0x1a/0x30
[ 89.323127][ T5825]
[ 89.325443][ T5825] Memory state around the buggy address:
[ 89.331061][ T5825] ffff888071dd5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 89.339128][ T5825] ffff888071dd5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 89.347190][ T5825] >ffff888071dd6000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.355243][ T5825] ^
[ 89.359304][ T5825] ffff888071dd6080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.367355][ T5825] ffff888071dd6100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 89.375406][ T5825] ==================================================================
[ 89.384098][ T5825] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 89.391336][ T5825] CPU: 0 UID: 0 PID: 5825 Comm: syz-executor222 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full)
[ 89.403421][ T5825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 89.413467][ T5825] Call Trace:
[ 89.416740][ T5825]
[ 89.419663][ T5825] dump_stack_lvl+0x99/0x250
[ 89.424251][ T5825] ? __asan_memcpy+0x40/0x70
[ 89.428835][ T5825] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.434045][ T5825] ? __pfx__printk+0x10/0x10
[ 89.438648][ T5825] panic+0x2db/0x790
[ 89.442541][ T5825] ? __pfx_panic+0x10/0x10
[ 89.446955][ T5825] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 89.452847][ T5825] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 89.459166][ T5825] ? print_memory_metadata+0x314/0x400
[ 89.464616][ T5825] ? ocfs2_claim_suballoc_bits+0x8b2/0x2450
[ 89.470502][ T5825] check_panic_on_warn+0x89/0xb0
[ 89.475435][ T5825] ? ocfs2_claim_suballoc_bits+0x8b2/0x2450
[ 89.481317][ T5825] end_report+0x78/0x160
[ 89.485557][ T5825] kasan_report+0x129/0x150
[ 89.490078][ T5825] ? ocfs2_claim_suballoc_bits+0x8b2/0x2450
[ 89.495964][ T5825] ocfs2_claim_suballoc_bits+0x8b2/0x2450
[ 89.501675][ T5825] ? check_path+0x21/0x40
[ 89.505996][ T5825] ? __pfx_ocfs2_claim_suballoc_bits+0x10/0x10
[ 89.512153][ T5825] ? lockdep_unlock+0x89/0x120
[ 89.516911][ T5825] ? validate_chain+0x897/0x2140
[ 89.521849][ T5825] ? __lock_acquire+0xab9/0xd20
[ 89.526693][ T5825] ocfs2_claim_new_inode+0x332/0x7a0
[ 89.531975][ T5825] ? __pfx_ocfs2_claim_new_inode+0x10/0x10
[ 89.537767][ T5825] ? _raw_spin_lock_irq+0xae/0xf0
[ 89.542795][ T5825] ? __pfx__raw_spin_lock_irq+0x10/0x10
[ 89.548339][ T5825] ocfs2_mknod_locked+0x100/0x250
[ 89.553441][ T5825] ? __pfx_ocfs2_mknod_locked+0x10/0x10
[ 89.558968][ T5825] ? dquot_alloc_inode+0x216/0xa50
[ 89.564069][ T5825] ? ocfs2_block_signals+0x94/0xe0
[ 89.569268][ T5825] ? __pfx_ocfs2_block_signals+0x10/0x10
[ 89.574904][ T5825] ? ocfs2_init_security_get+0x132/0x1a0
[ 89.580527][ T5825] ocfs2_mknod+0x10c7/0x2050
[ 89.585111][ T5825] ? __pfx_ocfs2_mknod+0x10/0x10
[ 89.590039][ T5825] ? do_raw_spin_unlock+0x122/0x240
[ 89.595236][ T5825] ? ocfs2_inode_lock_full_nested+0xabe/0x1b40
[ 89.601381][ T5825] ? __lock_acquire+0xab9/0xd20
[ 89.606227][ T5825] ? __lock_acquire+0xab9/0xd20
[ 89.611067][ T5825] ? smack_log+0xef/0x3f0
[ 89.615400][ T5825] ? __pfx_smack_log+0x10/0x10
[ 89.620162][ T5825] ? do_raw_spin_lock+0x121/0x290
[ 89.625187][ T5825] ? smk_access+0x14c/0x4e0
[ 89.629690][ T5825] ? smk_tskacc+0x2fc/0x370
[ 89.634198][ T5825] ? smack_inode_permission+0x28f/0x320
[ 89.639749][ T5825] ocfs2_mkdir+0x191/0x440
[ 89.644171][ T5825] ? __pfx_ocfs2_mkdir+0x10/0x10
[ 89.649105][ T5825] ? HAS_UNMAPPED_ID+0x11a/0x180
[ 89.654044][ T5825] ? bpf_lsm_inode_mkdir+0x9/0x20
[ 89.659066][ T5825] vfs_mkdir+0x306/0x510
[ 89.663310][ T5825] do_mkdirat+0x247/0x590
[ 89.667640][ T5825] ? __pfx_do_mkdirat+0x10/0x10
[ 89.672485][ T5825] ? getname_flags+0x1e5/0x540
[ 89.677243][ T5825] __x64_sys_mkdirat+0x87/0xa0
[ 89.682004][ T5825] do_syscall_64+0xfa/0x3b0
[ 89.686512][ T5825] ? lockdep_hardirqs_on+0x9c/0x150
[ 89.691708][ T5825] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.697755][ T5825] ? clear_bhb_loop+0x60/0xb0
[ 89.702420][ T5825] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.708297][ T5825] RIP: 0033:0x7fa471ea1f59
[ 89.712699][ T5825] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 89.732294][ T5825] RSP: 002b:00007ffddee82338 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 89.740850][ T5825] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa471ea1f59
[ 89.748845][ T5825] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 00000000ffffff9c
[ 89.756814][ T5825] RBP: 0000000000000000 R08: 0000000000004457 R09: 00007ffddee82370
[ 89.764778][ T5825] R10: 00007ffddee82200 R11: 0000000000000246 R12: 00007ffddee82370
[ 89.772740][ T5825] R13: 00007ffddee825f8 R14: 431bde82d7b634db R15: 00007fa471eea03b
[ 89.780709][ T5825]
[ 89.784132][ T5825] Kernel Offset: disabled
[ 89.788472][ T5825] Rebooting in 86400 seconds..