[ 71.237689][ T779] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.10.18' (ED25519) to the list of known hosts.
2025/08/24 09:29:34 parsed 1 programs
[ 78.335853][ T3499] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/08/24 09:29:45 executed programs: 0
[ 87.343564][ T3970] loop2: detected capacity change from 0 to 32768
[ 87.344339][ T3970] =======================================================
[ 87.344339][ T3970] WARNING: The mand mount option has been deprecated and
[ 87.344339][ T3970] and is ignored by this kernel. Remove the mand
[ 87.344339][ T3970] option from the mount to silence this warning.
[ 87.344339][ T3970] =======================================================
[ 87.433450][ T3970] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[ 87.543176][ T3514] ==================================================================
[ 87.543189][ T3514] BUG: KASAN: slab-use-after-free in ocfs2_get_system_file_inode+0x179/0x630
[ 87.543243][ T3514] Read of size 8 at addr ffff8880273dd090 by task syz-executor/3514
[ 87.543250][ T3514]
[ 87.543263][ T3514] CPU: 1 UID: 0 PID: 3514 Comm: syz-executor Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 87.543274][ T3514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 87.543284][ T3514] Call Trace:
[ 87.543289][ T3514]
[ 87.543292][ T3514] dump_stack_lvl+0xf4/0x170
[ 87.543302][ T3514] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.543309][ T3514] ? rcu_is_watching+0x1f/0xa0
[ 87.543316][ T3514] ? __virt_addr_valid+0x176/0x2b0
[ 87.543324][ T3514] ? lock_release+0x42/0x2f0
[ 87.543330][ T3514] ? lock_acquire+0x69/0x210
[ 87.543336][ T3514] ? __virt_addr_valid+0x176/0x2b0
[ 87.543342][ T3514] ? __virt_addr_valid+0x262/0x2b0
[ 87.543350][ T3514] print_report+0xca/0x220
[ 87.543358][ T3514] ? ocfs2_get_system_file_inode+0x179/0x630
[ 87.543363][ T3514] kasan_report+0x118/0x150
[ 87.543371][ T3514] ? ocfs2_get_system_file_inode+0x179/0x630
[ 87.543378][ T3514] ocfs2_get_system_file_inode+0x179/0x630
[ 87.543385][ T3514] ? __pfx_ocfs2_remove_refcount_tree+0x10/0x10
[ 87.543392][ T3514] ? __pfx_ocfs2_get_system_file_inode+0x10/0x10
[ 87.543398][ T3514] ? _raw_spin_unlock_irqrestore+0xa0/0x100
[ 87.543407][ T3514] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 87.543416][ T3514] ? rwbase_write_lock+0x4d6/0x8d0
[ 87.543423][ T3514] ocfs2_evict_inode+0xe00/0x3030
[ 87.543432][ T3514] ? __pfx_ocfs2_evict_inode+0x10/0x10
[ 87.543439][ T3514] ? rtlock_slowlock_locked+0xd0/0x3a60
[ 87.543448][ T3514] ? try_to_take_rt_mutex+0x810/0xa80
[ 87.543457][ T3514] ? rtlock_slowlock_locked+0xd0/0x3a60
[ 87.543463][ T3514] ? is_module_text_address+0x1d/0x150
[ 87.543471][ T3514] ? is_module_text_address+0x1d/0x150
[ 87.543478][ T3514] ? do_raw_spin_lock+0x121/0x2c0
[ 87.543488][ T3514] ? try_to_take_rt_mutex+0x810/0xa80
[ 87.543495][ T3514] ? rtlock_slowlock_locked+0xd0/0x3a60
[ 87.543503][ T3514] ? try_to_take_rt_mutex+0x810/0xa80
[ 87.543510][ T3514] ? do_raw_spin_lock+0x121/0x2c0
[ 87.543518][ T3514] ? do_raw_spin_unlock+0x122/0x240
[ 87.543525][ T3514] ? _raw_spin_unlock_irqrestore+0xa0/0x100
[ 87.543532][ T3514] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 87.543540][ T3514] ? rt_mutex_slowunlock+0x445/0x710
[ 87.543547][ T3514] ? __pfx_migrate_enable+0x10/0x10
[ 87.543556][ T3514] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 87.543571][ T3514] evict+0x3ed/0x8e0
[ 87.543580][ T3514] ? __pfx_evict+0x10/0x10
[ 87.543587][ T3514] ? iput+0x476/0x6a0
[ 87.543596][ T3514] vfs_rmdir+0x34f/0x400
[ 87.543604][ T3514] do_rmdir+0x212/0x4d0
[ 87.543611][ T3514] ? __pfx_do_rmdir+0x10/0x10
[ 87.543618][ T3514] ? getname_flags+0x151/0x490
[ 87.543626][ T3514] __x64_sys_unlinkat+0x92/0xb0
[ 87.543633][ T3514] do_syscall_64+0x8f/0x180
[ 87.543639][ T3514] ? fpregs_assert_state_consistent+0x48/0x60
[ 87.543645][ T3514] ? clear_bhb_loop+0x25/0x80
[ 87.543652][ T3514] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.543659][ T3514] RIP: 0033:0x7faf6b71e1c7
[ 87.543669][ T3514] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 87.543675][ T3514] RSP: 002b:00007ffd3dbbb1f8 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
[ 87.543684][ T3514] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007faf6b71e1c7
[ 87.543689][ T3514] RDX: 0000000000000200 RSI: 00007ffd3dbbc3a0 RDI: 00000000ffffff9c
[ 87.543693][ T3514] RBP: 00007faf6b7a1c05 R08: 00005555759bb54b R09: 0000000000000000
[ 87.543697][ T3514] R10: 0000000000001000 R11: 0000000000000207 R12: 00007ffd3dbbc3a0
[ 87.543700][ T3514] R13: 00007faf6b7a1c05 R14: 000000000001553d R15: 00007ffd3dbbe560
[ 87.543706][ T3514]
[ 87.543708][ T3514]
[ 87.543710][ T3514] Allocated by task 3786:
[ 87.543714][ T3514] kasan_save_track+0x3e/0x80
[ 87.543719][ T3514] __kasan_slab_alloc+0x6c/0x80
[ 87.543724][ T3514] kmem_cache_alloc_noprof+0x131/0x360
[ 87.543733][ T3514] getname_flags+0x9b/0x490
[ 87.543739][ T3514] do_sys_openat2+0xac/0x180
[ 87.543744][ T3514] __x64_sys_openat+0xf3/0x120
[ 87.543748][ T3514] do_syscall_64+0x8f/0x180
[ 87.543753][ T3514] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.543758][ T3514]
[ 87.543760][ T3514] Freed by task 3786:
[ 87.543763][ T3514] kasan_save_track+0x3e/0x80
[ 87.543768][ T3514] kasan_save_free_info+0x46/0x50
[ 87.543775][ T3514] __kasan_slab_free+0x62/0x70
[ 87.543780][ T3514] kmem_cache_free+0x171/0x500
[ 87.543785][ T3514] do_sys_openat2+0x125/0x180
[ 87.543790][ T3514] __x64_sys_openat+0xf3/0x120
[ 87.543794][ T3514] do_syscall_64+0x8f/0x180
[ 87.543798][ T3514] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.543802][ T3514]
[ 87.543804][ T3514] The buggy address belongs to the object at ffff8880273dc400
[ 87.543804][ T3514] which belongs to the cache names_cache of size 4096
[ 87.543811][ T3514] The buggy address is located 3216 bytes inside of
[ 87.543811][ T3514] freed 4096-byte region [ffff8880273dc400, ffff8880273dd400)
[ 87.543816][ T3514]
[ 87.543818][ T3514] The buggy address belongs to the physical page:
[ 87.543822][ T3514] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x273d8
[ 87.543833][ T3514] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 87.543838][ T3514] flags: 0x80000000000040(head|node=0|zone=1)
[ 87.543848][ T3514] page_type: f5(slab)
[ 87.543854][ T3514] raw: 0080000000000040 ffff88814040a780 dead000000000122 0000000000000000
[ 87.543860][ T3514] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[ 87.543864][ T3514] head: 0080000000000040 ffff88814040a780 dead000000000122 0000000000000000
[ 87.543868][ T3514] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[ 87.543873][ T3514] head: 0080000000000003 ffffea00009cf601 00000000ffffffff 00000000ffffffff
[ 87.543877][ T3514] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 87.543879][ T3514] page dumped because: kasan: bad access detected
[ 87.543886][ T3514] page_owner tracks the page as allocated
[ 87.543889][ T3514] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3786, tgid 3786 (modprobe), ts 84266413221, free_ts 84241111608
[ 87.543900][ T3514] post_alloc_hook+0x168/0x1a0
[ 87.543907][ T3514] get_page_from_freelist+0x2856/0x28f0
[ 87.543914][ T3514] __alloc_frozen_pages_noprof+0x26b/0x460
[ 87.543921][ T3514] alloc_pages_mpol+0xcb/0x270
[ 87.543928][ T3514] allocate_slab+0x8a/0x350
[ 87.543934][ T3514] ___slab_alloc+0x7fc/0xc60
[ 87.543940][ T3514] kmem_cache_alloc_noprof+0xcb/0x360
[ 87.543947][ T3514] getname_flags+0x9b/0x490
[ 87.543953][ T3514] do_sys_openat2+0xac/0x180
[ 87.543958][ T3514] __x64_sys_openat+0xf3/0x120
[ 87.543962][ T3514] do_syscall_64+0x8f/0x180
[ 87.543965][ T3514] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.543970][ T3514] page last free pid 3784 tgid 3784 stack trace:
[ 87.543974][ T3514] __free_frozen_pages+0xa6e/0xc30
[ 87.543979][ T3514] __put_partials+0x15a/0x1b0
[ 87.543985][ T3514] __slab_free+0x290/0x370
[ 87.543990][ T3514] qlist_free_all+0x97/0x140
[ 87.543995][ T3514] kasan_quarantine_reduce+0x148/0x160
[ 87.544000][ T3514] __kasan_slab_alloc+0x22/0x80
[ 87.544006][ T3514] __kmalloc_noprof+0x18b/0x470
[ 87.544010][ T3514] tomoyo_realpath_from_path+0xf5/0x550
[ 87.544019][ T3514] tomoyo_path_perm+0x1d3/0x460
[ 87.544024][ T3514] security_inode_getattr+0xbf/0x1a0
[ 87.544031][ T3514] __se_sys_newfstat+0xd4/0x370
[ 87.544036][ T3514] do_syscall_64+0x8f/0x180
[ 87.544040][ T3514] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.544045][ T3514]
[ 87.544047][ T3514] Memory state around the buggy address:
[ 87.544051][ T3514]  ffff8880273dcf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.544055][ T3514]  ffff8880273dd000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.544059][ T3514] >ffff8880273dd080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.544062][ T3514]                          ^
[ 87.544065][ T3514]  ffff8880273dd100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.544069][ T3514]  ffff8880273dd180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.544072][ T3514] ==================================================================
[ 87.544081][ T3514] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 87.544284][ T3514] Kernel Offset: disabled