Warning: Permanently added '10.128.10.30' (ED25519) to the list of known hosts. executing program syzkaller login: [ 62.286546][ T4168] loop0: detected capacity change from 0 to 32768 [ 62.337364][ T4168] ======================================================= [ 62.337364][ T4168] WARNING: The mand mount option has been deprecated and [ 62.337364][ T4168] and is ignored by this kernel. Remove the mand [ 62.337364][ T4168] option from the mount to silence this warning. [ 62.337364][ T4168] ======================================================= [ 62.405993][ T4168] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 62.437144][ T4167] ocfs2: Unmounting device (7,0) on (node local) executing program [ 62.706167][ T4173] loop0: detected capacity change from 0 to 32768 [ 62.794025][ T4173] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 62.825318][ T4167] ocfs2: Unmounting device (7,0) on (node local) executing program [ 63.104133][ T4176] loop0: detected capacity change from 0 to 32768 [ 63.193929][ T4176] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 63.204527][ T4176] ================================================================== [ 63.212770][ T4176] BUG: KASAN: use-after-free in ocfs2_search_dirblock+0x267/0x7f0 [ 63.220634][ T4176] Read of size 1 at addr ffff88807168d8cb by task syz-executor299/4176 [ 63.228865][ T4176] [ 63.231206][ T4176] CPU: 0 PID: 4176 Comm: syz-executor299 Not tainted 5.15.178-syzkaller #0 [ 63.239778][ T4176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 63.249830][ T4176] Call Trace: [ 63.253111][ T4176] <TASK> [ 63.256079][ T4176] dump_stack_lvl+0x1e3/0x2d0 [ 63.260772][ T4176] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 63.266395][ T4176] ? _printk+0xd1/0x120 [ 63.270549][ T4176] ? __wake_up_klogd+0xcc/0x100 [ 63.275401][ T4176] ? panic+0x860/0x860 [ 63.279488][ T4176] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 63.284949][ T4176] print_address_description+0x63/0x3b0 [ 63.290491][ T4176] ? ocfs2_search_dirblock+0x267/0x7f0 [ 63.296068][ T4176] kasan_report+0x16b/0x1c0 [ 63.300560][ T4176] ? ocfs2_search_dirblock+0x267/0x7f0 [ 63.306030][ T4176] ocfs2_search_dirblock+0x267/0x7f0 [ 63.311326][ T4176] ? ocfs2_read_inode_block+0x148/0x1d0 [ 63.316888][ T4176] ? ocfs2_read_dir_block_direct+0x540/0x540 [ 63.322884][ T4176] ocfs2_find_entry+0x114b/0x26d0 [ 63.327918][ T4176] ? mark_lock+0x98/0x340 [ 63.332266][ T4176] ? unwind_next_frame+0x1437/0x1fa0 [ 63.337570][ T4176] ? ocfs2_free_dir_lookup_result+0x100/0x100 [ 63.343660][ T4176] ? read_lock_is_recursive+0x10/0x10 [ 63.349024][ T4176] ? ocfs2_inode_lock_full_nested+0x177/0x1bf0 [ 63.355171][ T4176] ? __lock_acquire+0x1ff0/0x1ff0 [ 63.360184][ T4176] ? do_raw_spin_lock+0x14a/0x370 [ 63.365229][ T4176] ? do_raw_spin_unlock+0x137/0x8b0 [ 63.370534][ T4176] ? _raw_spin_unlock+0x24/0x40 [ 63.375710][ T4176] ? ocfs2_inode_lock_full_nested+0xb2e/0x1bf0 [ 63.381883][ T4176] ? __kasan_slab_alloc+0x8e/0xc0 [ 63.386919][ T4176] ? d_alloc+0x48/0x1d0 [ 63.391086][ T4176] ? filename_create+0x293/0x530 [ 63.396018][ T4176] ? __x64_sys_mkdir+0x6a/0x80 [ 63.400808][ T4176] ? do_syscall_64+0x3b/0xb0 [ 63.405407][ T4176] ? ocfs2_downconvert_lock+0x500/0x500 [ 63.410969][ T4176] ocfs2_find_files_on_disk+0xea/0x310 [ 63.416433][ T4176] ocfs2_lookup_ino_from_name+0xad/0x1e0 [ 63.422098][ T4176] ? ocfs2_find_files_on_disk+0x310/0x310 [ 63.427827][ T4176] ocfs2_lookup+0x27b/0x9f0 [ 63.432330][ T4176] ? ocfs2_update_inode_fsync_trans+0x200/0x200 [ 63.438586][ T4176] ? do_raw_spin_unlock+0x137/0x8b0 [ 63.443784][ T4176] ? _raw_spin_unlock+0x24/0x40 [ 63.448626][ T4176] ? d_alloc+0x194/0x1d0 [ 63.452877][ T4176] lookup_one_qstr_excl+0x117/0x240 [ 63.458115][ T4176] filename_create+0x293/0x530 [ 63.462906][ T4176] ? kern_path_create+0x180/0x180 [ 63.467937][ T4176] ? __virt_addr_valid+0x3bb/0x460 [ 63.473084][ T4176] do_mkdirat+0xb3/0x520 [ 63.477334][ T4176] ? vfs_mkdir+0x590/0x590 [ 63.481747][ T4176] ? getname_flags+0x1ec/0x4e0 [ 63.486531][ T4176] ? lockdep_hardirqs_on+0x94/0x130 [ 63.491735][ T4176] __x64_sys_mkdir+0x6a/0x80 [ 63.496322][ T4176] do_syscall_64+0x3b/0xb0 [ 63.500758][ T4176] ? clear_bhb_loop+0x15/0x70 [ 63.505435][ T4176] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 63.511344][ T4176] RIP: 0033:0x7f8cf262a129 [ 63.515754][ T4176] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 63.535349][ T4176] RSP: 002b:00007ffcecedbb78 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 63.543799][ T4176] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8cf262a129 [ 63.551768][ T4176] RDX: 00007f8cf26292c0 RSI: 0000000000000044 RDI: 0000000020000180 [ 63.559769][ T4176] RBP: 0000000000000004 R08: 0000000000004433 R09: 00000000000088c0 [ 63.567731][ T4176] R10: 00007ffcecedbc00 R11: 0000000000000246 R12: 00007ffcecedbbc0 [ 63.575696][ T4176] R13: 00007ffcecedbc00 R14: 0000000001000000 R15: 0000000000000003 [ 63.583798][ T4176] </TASK> [ 63.586820][ T4176] [ 63.589139][ T4176] The buggy address belongs to the page: [ 63.594782][ T4176] page:ffffea0001c5a340 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x7168d [ 63.604940][ T4176] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 63.612061][ T4176] raw: 00fff00000000000 ffffea0001c5a388 ffffea0001be9f48 0000000000000000 [ 63.620637][ T4176] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 63.629223][ T4176] page dumped because: kasan: bad access detected [ 63.635635][ T4176] page_owner tracks the page as freed [ 63.640990][ T4176] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100cca(GFP_HIGHUSER_MOVABLE), pid 4167, ts 62068650802, free_ts 62070595920 [ 63.655594][ T4176] get_page_from_freelist+0x3b78/0x3d40 [ 63.661149][ T4176] __alloc_pages+0x272/0x700 [ 63.665749][ T4176] alloc_pages_vma+0x39a/0x800 [ 63.670520][ T4176] wp_page_copy+0x24e/0x2070 [ 63.675124][ T4176] handle_mm_fault+0x2a3d/0x5960 [ 63.680080][ T4176] exc_page_fault+0x271/0x700 [ 63.684753][ T4176] asm_exc_page_fault+0x22/0x30 [ 63.689625][ T4176] page last free stack trace: [ 63.694283][ T4176] free_unref_page_prepare+0xc34/0xcf0 [ 63.699744][ T4176] free_unref_page_list+0x1f7/0x8e0 [ 63.704933][ T4176] release_pages+0x1bb9/0x1f40 [ 63.709690][ T4176] tlb_finish_mmu+0x177/0x320 [ 63.714376][ T4176] unmap_region+0x304/0x350 [ 63.718982][ T4176] __do_munmap+0x130a/0x1710 [ 63.723560][ T4176] __vm_munmap+0x134/0x230 [ 63.727965][ T4176] __x64_sys_munmap+0x67/0x70 [ 63.732629][ T4176] do_syscall_64+0x3b/0xb0 [ 63.737034][ T4176] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 63.742918][ T4176] [ 63.745227][ T4176] Memory state around the buggy address: [ 63.750845][ T4176] ffff88807168d780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 63.758895][ T4176] ffff88807168d800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 63.767422][ T4176] >ffff88807168d880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 63.775473][ T4176] ^ [ 63.782008][ T4176] ffff88807168d900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 63.790092][ T4176] ffff88807168d980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 63.798143][ T4176] ================================================================== [ 63.806641][ T4176] Disabling lock debugging due to kernel taint [ 63.813099][ T4176] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 63.820295][ T4176] CPU: 0 PID: 4176 Comm: syz-executor299 Tainted: G B 5.15.178-syzkaller #0 [ 63.830311][ T4176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 63.840375][ T4176] Call Trace: [ 63.843649][ T4176] <TASK> [ 63.846566][ T4176] dump_stack_lvl+0x1e3/0x2d0 [ 63.851234][ T4176] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 63.856880][ T4176] ? panic+0x860/0x860 [ 63.860946][ T4176] ? rcu_is_watching+0x11/0xa0 [ 63.865723][ T4176] ? preempt_schedule_common+0xa6/0xd0 [ 63.871174][ T4176] panic+0x318/0x860 [ 63.875065][ T4176] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 63.881208][ T4176] ? check_panic_on_warn+0x1d/0xa0 [ 63.886312][ T4176] ? fb_is_primary_device+0xd0/0xd0 [ 63.891501][ T4176] ? _raw_spin_unlock_irqrestore+0x128/0x130 [ 63.897488][ T4176] ? _raw_spin_unlock+0x40/0x40 [ 63.902347][ T4176] check_panic_on_warn+0x7e/0xa0 [ 63.907272][ T4176] ? ocfs2_search_dirblock+0x267/0x7f0 [ 63.912719][ T4176] end_report+0x6d/0xf0 [ 63.916871][ T4176] kasan_report+0x18e/0x1c0 [ 63.921367][ T4176] ? ocfs2_search_dirblock+0x267/0x7f0 [ 63.926952][ T4176] ocfs2_search_dirblock+0x267/0x7f0 [ 63.932229][ T4176] ? ocfs2_read_inode_block+0x148/0x1d0 [ 63.937772][ T4176] ? ocfs2_read_dir_block_direct+0x540/0x540 [ 63.943747][ T4176] ocfs2_find_entry+0x114b/0x26d0 [ 63.948766][ T4176] ? mark_lock+0x98/0x340 [ 63.953101][ T4176] ? unwind_next_frame+0x1437/0x1fa0 [ 63.958378][ T4176] ? ocfs2_free_dir_lookup_result+0x100/0x100 [ 63.964463][ T4176] ? read_lock_is_recursive+0x10/0x10 [ 63.969844][ T4176] ? ocfs2_inode_lock_full_nested+0x177/0x1bf0 [ 63.975985][ T4176] ? __lock_acquire+0x1ff0/0x1ff0 [ 63.980998][ T4176] ? do_raw_spin_lock+0x14a/0x370 [ 63.986012][ T4176] ? do_raw_spin_unlock+0x137/0x8b0 [ 63.991217][ T4176] ? _raw_spin_unlock+0x24/0x40 [ 63.996056][ T4176] ? ocfs2_inode_lock_full_nested+0xb2e/0x1bf0 [ 64.002201][ T4176] ? __kasan_slab_alloc+0x8e/0xc0 [ 64.007225][ T4176] ? d_alloc+0x48/0x1d0 [ 64.011368][ T4176] ? filename_create+0x293/0x530 [ 64.016309][ T4176] ? __x64_sys_mkdir+0x6a/0x80 [ 64.021080][ T4176] ? do_syscall_64+0x3b/0xb0 [ 64.025680][ T4176] ? ocfs2_downconvert_lock+0x500/0x500 [ 64.031309][ T4176] ocfs2_find_files_on_disk+0xea/0x310 [ 64.036758][ T4176] ocfs2_lookup_ino_from_name+0xad/0x1e0 [ 64.042383][ T4176] ? ocfs2_find_files_on_disk+0x310/0x310 [ 64.048095][ T4176] ocfs2_lookup+0x27b/0x9f0 [ 64.052606][ T4176] ? ocfs2_update_inode_fsync_trans+0x200/0x200 [ 64.058833][ T4176] ? do_raw_spin_unlock+0x137/0x8b0 [ 64.064019][ T4176] ? _raw_spin_unlock+0x24/0x40 [ 64.068857][ T4176] ? d_alloc+0x194/0x1d0 [ 64.073092][ T4176] lookup_one_qstr_excl+0x117/0x240 [ 64.078382][ T4176] filename_create+0x293/0x530 [ 64.083133][ T4176] ? kern_path_create+0x180/0x180 [ 64.088145][ T4176] ? __virt_addr_valid+0x3bb/0x460 [ 64.093246][ T4176] do_mkdirat+0xb3/0x520 [ 64.097480][ T4176] ? vfs_mkdir+0x590/0x590 [ 64.101882][ T4176] ? getname_flags+0x1ec/0x4e0 [ 64.106651][ T4176] ? lockdep_hardirqs_on+0x94/0x130 [ 64.111845][ T4176] __x64_sys_mkdir+0x6a/0x80 [ 64.116457][ T4176] do_syscall_64+0x3b/0xb0 [ 64.120857][ T4176] ? clear_bhb_loop+0x15/0x70 [ 64.125522][ T4176] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 64.131404][ T4176] RIP: 0033:0x7f8cf262a129 [ 64.135807][ T4176] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 64.155404][ T4176] RSP: 002b:00007ffcecedbb78 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 64.163925][ T4176] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8cf262a129 [ 64.171886][ T4176] RDX: 00007f8cf26292c0 RSI: 0000000000000044 RDI: 0000000020000180 [ 64.179933][ T4176] RBP: 0000000000000004 R08: 0000000000004433 R09: 00000000000088c0 [ 64.187894][ T4176] R10: 00007ffcecedbc00 R11: 0000000000000246 R12: 00007ffcecedbbc0 [ 64.195946][ T4176] R13: 00007ffcecedbc00 R14: 0000000001000000 R15: 0000000000000003 [ 64.203933][ T4176] </TASK> [ 64.207254][ T4176] Kernel Offset: disabled [ 64.211584][ T4176] Rebooting in 86400 seconds..