Warning: Permanently added '10.128.1.237' (ED25519) to the list of known hosts.
2025/09/28 08:54:58 parsed 1 programs
[ 71.217144][ T575] cfg80211: failed to load regulatory.db
[ 72.739857][ T3101] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/09/28 08:55:08 executed programs: 0
[ 81.241330][ T3547] loop4: detected capacity change from 0 to 32768
[ 81.242320][ T3547] =======================================================
[ 81.242320][ T3547] WARNING: The mand mount option has been deprecated and
[ 81.242320][ T3547] and is ignored by this kernel. Remove the mand
[ 81.242320][ T3547] option from the mount to silence this warning.
[ 81.242320][ T3547] =======================================================
[ 81.326154][ T3547] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[ 81.387857][ T3141] ==================================================================
[ 81.387867][ T3141] BUG: KASAN: slab-use-after-free in ocfs2_get_system_file_inode+0x179/0x630
[ 81.387884][ T3141] Read of size 8 at addr ffff888019e74d90 by task syz-executor/3141
[ 81.387890][ T3141]
[ 81.387906][ T3141] CPU: 0 UID: 0 PID: 3141 Comm: syz-executor Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 81.387917][ T3141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 81.387925][ T3141] Call Trace:
[ 81.387929][ T3141]
[ 81.387933][ T3141] dump_stack_lvl+0xf4/0x170
[ 81.387944][ T3141] ? __pfx_dump_stack_lvl+0x10/0x10
[ 81.387952][ T3141] ? rcu_is_watching+0x1f/0xa0
[ 81.387960][ T3141] ? __virt_addr_valid+0x176/0x2b0
[ 81.387967][ T3141] ? lock_release+0x42/0x2f0
[ 81.387976][ T3141] ? lock_acquire+0x69/0x210
[ 81.387984][ T3141] ? __virt_addr_valid+0x176/0x2b0
[ 81.387989][ T3141] ? __virt_addr_valid+0x262/0x2b0
[ 81.387996][ T3141] print_report+0xca/0x240
[ 81.388004][ T3141] ? ocfs2_get_system_file_inode+0x179/0x630
[ 81.388010][ T3141] kasan_report+0x118/0x150
[ 81.388019][ T3141] ? ocfs2_get_system_file_inode+0x179/0x630
[ 81.388027][ T3141] ocfs2_get_system_file_inode+0x179/0x630
[ 81.388035][ T3141] ? __pfx_ocfs2_remove_refcount_tree+0x10/0x10
[ 81.388042][ T3141] ? __pfx_ocfs2_get_system_file_inode+0x10/0x10
[ 81.388048][ T3141] ? _raw_spin_unlock_irqrestore+0xa0/0x100
[ 81.388058][ T3141] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 81.388067][ T3141] ? rwbase_write_lock+0x4d6/0x8d0
[ 81.388073][ T3141] ocfs2_evict_inode+0xe00/0x3030
[ 81.388084][ T3141] ? __pfx_ocfs2_evict_inode+0x10/0x10
[ 81.388092][ T3141] ? rtlock_slowlock_locked+0xd0/0x3b00
[ 81.388101][ T3141] ? try_to_take_rt_mutex+0x810/0xa80
[ 81.388110][ T3141] ? rtlock_slowlock_locked+0xd0/0x3b00
[ 81.388117][ T3141] ? is_module_text_address+0x1d/0x150
[ 81.388125][ T3141] ? is_module_text_address+0x1d/0x150
[ 81.388132][ T3141] ? do_raw_spin_lock+0x121/0x2c0
[ 81.388141][ T3141] ? try_to_take_rt_mutex+0x810/0xa80
[ 81.388150][ T3141] ? rtlock_slowlock_locked+0xd0/0x3b00
[ 81.388157][ T3141] ? try_to_take_rt_mutex+0x810/0xa80
[ 81.388165][ T3141] ? do_raw_spin_lock+0x121/0x2c0
[ 81.388172][ T3141] ? do_raw_spin_unlock+0x122/0x240
[ 81.388178][ T3141] ? _raw_spin_unlock_irqrestore+0xa0/0x100
[ 81.388185][ T3141] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 81.388193][ T3141] ? rt_mutex_slowunlock+0x445/0x760
[ 81.388201][ T3141] ? __pfx_migrate_enable+0x10/0x10
[ 81.388208][ T3141] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 81.388217][ T3141] evict+0x3ed/0x8e0
[ 81.388227][ T3141] ? __pfx_evict+0x10/0x10
[ 81.388236][ T3141] ? iput+0x476/0x6a0
[ 81.388243][ T3141] vfs_rmdir+0x34f/0x400
[ 81.388249][ T3141] do_rmdir+0x1ee/0x430
[ 81.388255][ T3141] ? __pfx_do_rmdir+0x10/0x10
[ 81.388261][ T3141] ? getname_flags+0x151/0x490
[ 81.388269][ T3141] __x64_sys_unlinkat+0x92/0xb0
[ 81.388275][ T3141] do_syscall_64+0x8f/0x250
[ 81.388282][ T3141] ? fpregs_assert_state_consistent+0x48/0x60
[ 81.388291][ T3141] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.388298][ T3141] RIP: 0033:0x7f6aac90e1c7
[ 81.388310][ T3141] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 81.388316][ T3141] RSP: 002b:00007ffffbcf69c8 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
[ 81.388325][ T3141] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f6aac90e1c7
[ 81.388330][ T3141] RDX: 0000000000000200 RSI: 00007ffffbcf7b70 RDI: 00000000ffffff9c
[ 81.388334][ T3141] RBP: 00007f6aac991c05 R08: 0000555588ca254b R09: 0000000000000000
[ 81.388339][ T3141] R10: 0000000000001000 R11: 0000000000000207 R12: 00007ffffbcf7b70
[ 81.388343][ T3141] R13: 00007f6aac991c05 R14: 0000000000013d1a R15: 00007ffffbcf9d30
[ 81.388350][ T3141]
[ 81.388353][ T3141]
[ 81.388359][ T3141] Allocated by task 3487:
[ 81.388363][ T3141] kasan_save_track+0x3e/0x80
[ 81.388370][ T3141] __kasan_slab_alloc+0x6c/0x80
[ 81.388377][ T3141] kmem_cache_alloc_noprof+0x131/0x360
[ 81.388384][ T3141] getname_flags+0x9b/0x490
[ 81.388389][ T3141] do_sys_openat2+0xac/0x180
[ 81.388397][ T3141] __x64_sys_openat+0xf3/0x120
[ 81.388403][ T3141] do_syscall_64+0x8f/0x250
[ 81.388408][ T3141] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.388412][ T3141]
[ 81.388414][ T3141] Freed by task 3487:
[ 81.388417][ T3141] kasan_save_track+0x3e/0x80
[ 81.388423][ T3141] kasan_save_free_info+0x46/0x50
[ 81.388428][ T3141] __kasan_slab_free+0x5b/0x80
[ 81.388434][ T3141] kmem_cache_free+0x171/0x500
[ 81.388439][ T3141] do_sys_openat2+0x125/0x180
[ 81.388444][ T3141] __x64_sys_openat+0xf3/0x120
[ 81.388450][ T3141] do_syscall_64+0x8f/0x250
[ 81.388455][ T3141] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.388460][ T3141]
[ 81.388462][ T3141] The buggy address belongs to the object at ffff888019e74400
[ 81.388462][ T3141] which belongs to the cache names_cache of size 4096
[ 81.388468][ T3141] The buggy address is located 2448 bytes inside of
[ 81.388468][ T3141] freed 4096-byte region [ffff888019e74400, ffff888019e75400)
[ 81.388474][ T3141]
[ 81.388476][ T3141] The buggy address belongs to the physical page:
[ 81.388486][ T3141] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19e70
[ 81.388495][ T3141] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 81.388500][ T3141] flags: 0x80000000000040(head|node=0|zone=1)
[ 81.388510][ T3141] page_type: f5(slab)
[ 81.388516][ T3141] raw: 0080000000000040 ffff8880102d9780 dead000000000100 dead000000000122
[ 81.388521][ T3141] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[ 81.388527][ T3141] head: 0080000000000040 ffff8880102d9780 dead000000000100 dead000000000122
[ 81.388531][ T3141] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[ 81.388536][ T3141] head: 0080000000000003 ffffea0000679c01 00000000ffffffff 00000000ffffffff
[ 81.388540][ T3141] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 81.388542][ T3141] page dumped because: kasan: bad access detected
[ 81.388550][ T3141] page_owner tracks the page as allocated
[ 81.388553][ T3141] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2719, tgid 2719 (syz-executor), ts 43574377951, free_ts 43569525917
[ 81.388564][ T3141] post_alloc_hook+0x168/0x1a0
[ 81.388571][ T3141] get_page_from_freelist+0x27e0/0x2880
[ 81.388579][ T3141] __alloc_frozen_pages_noprof+0x26b/0x460
[ 81.388586][ T3141] alloc_pages_mpol+0xcb/0x270
[ 81.388594][ T3141] allocate_slab+0x8a/0x320
[ 81.388600][ T3141] ___slab_alloc+0x7e8/0xc30
[ 81.388606][ T3141] kmem_cache_alloc_noprof+0xcb/0x360
[ 81.388611][ T3141] getname_flags+0x9b/0x490
[ 81.388617][ T3141] vfs_fstatat+0x26/0xe0
[ 81.388623][ T3141] __se_sys_newfstatat+0xc0/0x300
[ 81.388629][ T3141] do_syscall_64+0x8f/0x250
[ 81.388634][ T3141] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.388639][ T3141] page last free pid 2719 tgid 2719 stack trace:
[ 81.388643][ T3141] __free_frozen_pages+0xbf8/0xd90
[ 81.388650][ T3141] __put_partials+0x14f/0x190
[ 81.388656][ T3141] __slab_free+0x281/0x350
[ 81.388663][ T3141] qlist_free_all+0x97/0x140
[ 81.388670][ T3141] kasan_quarantine_reduce+0x148/0x160
[ 81.388676][ T3141] __kasan_slab_alloc+0x22/0x80
[ 81.388682][ T3141] kmem_cache_alloc_noprof+0x131/0x360
[ 81.388688][ T3141] getname_flags+0x9b/0x490
[ 81.388694][ T3141] vfs_fstatat+0x26/0xe0
[ 81.388699][ T3141] __se_sys_newfstatat+0xc0/0x300
[ 81.388705][ T3141] do_syscall_64+0x8f/0x250
[ 81.388710][ T3141] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.388715][ T3141]
[ 81.388717][ T3141] Memory state around the buggy address:
[ 81.388721][ T3141] ffff888019e74c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.388725][ T3141] ffff888019e74d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.388730][ T3141] >ffff888019e74d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.388733][ T3141] ^
[ 81.388736][ T3141] ffff888019e74e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.388740][ T3141] ffff888019e74e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.388743][ T3141] ==================================================================
[ 81.388751][ T3141] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 81.389036][ T3141] Kernel Offset: disabled