[ 92.126110][ T45] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.63' (ED25519) to the list of known hosts.
2025/09/18 17:29:04 parsed 1 programs
[ 101.440991][ T5842] cgroup: Unknown subsys name 'net'
[ 101.707808][ T5842] cgroup: Unknown subsys name 'cpuset'
[ 101.772629][ T5842] cgroup: Unknown subsys name 'rlimit'
[ 103.755539][ T5842] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 107.298167][ T5863] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 107.299984][ T59] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 107.300679][ T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 107.302958][ T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 107.303973][ T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 107.955472][ T88] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.955499][ T88] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.135783][ T88] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 108.135804][ T88] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 114.202426][ T5915] chnl_net:caif_netlink_parms(): no params data found
[ 114.635560][ T5915] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.637676][ T5915] bridge0: port 1(bridge_slave_0) entered disabled state
[ 114.637838][ T5915] bridge_slave_0: entered allmulticast mode
[ 114.639883][ T5915] bridge_slave_0: entered promiscuous mode
[ 114.648974][ T5915] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.649287][ T5915] bridge0: port 2(bridge_slave_1) entered disabled state
[ 114.649516][ T5915] bridge_slave_1: entered allmulticast mode
[ 114.654945][ T5915] bridge_slave_1: entered promiscuous mode
[ 114.829733][ T5915] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 114.837032][ T5915] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 115.006278][ T5915] team0: Port device team_slave_0 added
[ 115.009199][ T5915] team0: Port device team_slave_1 added
[ 115.156323][ T5915] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 115.156337][ T5915] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 115.156356][ T5915] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 115.159170][ T5915] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 115.159186][ T5915] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 115.159213][ T5915] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 115.321196][ T5915] hsr_slave_0: entered promiscuous mode
[ 115.323393][ T5915] hsr_slave_1: entered promiscuous mode
[ 115.763847][ T5915] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 115.814870][ T5915] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 115.837473][ T5915] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 115.876712][ T5915] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 116.137620][ T5915] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.163749][ T5915] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.171659][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.172858][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 116.198481][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.199047][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 116.474241][ T5915] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 116.555783][ T5915] veth0_vlan: entered promiscuous mode
[ 116.565183][ T5915] veth1_vlan: entered promiscuous mode
[ 116.614486][ T5915] veth0_macvtap: entered promiscuous mode
[ 116.620389][ T5915] veth1_macvtap: entered promiscuous mode
[ 116.646775][ T5915] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 116.660075][ T5915] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 116.678841][ T88] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.679148][ T88] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.679206][ T88] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 116.679245][ T88] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.448928][ T88] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 117.715413][ T88] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 117.975056][ T88] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 118.217771][ T88] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/09/18 17:29:25 executed programs: 0
[ 118.982090][ T59] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 118.985190][ T59] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 118.986331][ T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 118.987671][ T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 118.988626][ T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 119.300819][ T5950] chnl_net:caif_netlink_parms(): no params data found
[ 119.607265][ T5950] bridge0: port 1(bridge_slave_0) entered blocking state
[ 119.607436][ T5950] bridge0: port 1(bridge_slave_0) entered disabled state
[ 119.607584][ T5950] bridge_slave_0: entered allmulticast mode
[ 119.609735][ T5950] bridge_slave_0: entered promiscuous mode
[ 119.617427][ T5950] bridge0: port 2(bridge_slave_1) entered blocking state
[ 119.617611][ T5950] bridge0: port 2(bridge_slave_1) entered disabled state
[ 119.618317][ T5950] bridge_slave_1: entered allmulticast mode
[ 119.621601][ T5950] bridge_slave_1: entered promiscuous mode
[ 119.784013][ T5950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 119.824408][ T5950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 120.006782][ T5950] team0: Port device team_slave_0 added
[ 120.028007][ T5950] team0: Port device team_slave_1 added
[ 120.307157][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 120.307177][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 120.307206][ T5950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 120.308015][ T88] bridge_slave_1: left allmulticast mode
[ 120.308214][ T88] bridge_slave_1: left promiscuous mode
[ 120.309534][ T88] bridge0: port 2(bridge_slave_1) entered disabled state
[ 120.413635][ T88] bridge_slave_0: left allmulticast mode
[ 120.413663][ T88] bridge_slave_0: left promiscuous mode
[ 120.413868][ T88] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.089120][ T5154] Bluetooth: hci0: command tx timeout
[ 122.083036][ T88] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 122.162776][ T88] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 122.186373][ T88] bond0 (unregistering): Released all slaves
[ 122.246708][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 122.246722][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 122.246742][ T5950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 122.527114][ T5950] hsr_slave_0: entered promiscuous mode
[ 122.528512][ T5950] hsr_slave_1: entered promiscuous mode
[ 122.529844][ T5950] debugfs: 'hsr0' already exists in 'hsr'
[ 122.529964][ T5950] Cannot create hsr debugfs directory
[ 122.685225][ T88] hsr_slave_0: left promiscuous mode
[ 122.702001][ T88] hsr_slave_1: left promiscuous mode
[ 122.703184][ T88] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 122.703261][ T88] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 122.757518][ T88] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 122.757644][ T88] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 122.887880][ T88] veth1_macvtap: left promiscuous mode
[ 122.888151][ T88] veth0_macvtap: left promiscuous mode
[ 122.888490][ T88] veth1_vlan: left promiscuous mode
[ 122.888829][ T88] veth0_vlan: left promiscuous mode
[ 123.163148][ T5154] Bluetooth: hci0: command tx timeout
[ 125.022844][ T88] team0 (unregistering): Port device team_slave_1 removed
[ 125.242029][ T5154] Bluetooth: hci0: command tx timeout
[ 125.253867][ T88] team0 (unregistering): Port device team_slave_0 removed
[ 127.322285][ T5154] Bluetooth: hci0: command tx timeout
[ 128.973750][ T5950] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 129.006834][ T5950] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 129.047481][ T5950] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 129.100184][ T5950] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 129.525143][ T5950] 8021q: adding VLAN 0 to HW filter on device bond0
[ 129.579933][ T5950] 8021q: adding VLAN 0 to HW filter on device team0
[ 129.591212][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 129.592071][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 129.649181][ T4340] bridge0: port 2(bridge_slave_1) entered blocking state
[ 129.649337][ T4340] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 129.947315][ T5950] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 129.999260][ T5950] veth0_vlan: entered promiscuous mode
[ 130.009399][ T5950] veth1_vlan: entered promiscuous mode
[ 130.048718][ T5950] veth0_macvtap: entered promiscuous mode
[ 130.056358][ T5950] veth1_macvtap: entered promiscuous mode
[ 130.078399][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 130.094825][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 130.111804][ T88] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.112082][ T37] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.112317][ T37] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.112357][ T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.330423][ T88] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 130.330446][ T88] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 130.389313][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 130.389337][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/09/18 17:29:37 executed programs: 2
[ 130.788575][ T6027] loop0: detected capacity change from 0 to 32768
[ 130.799499][ T6027] =======================================================
[ 130.799499][ T6027] WARNING: The mand mount option has been deprecated and
[ 130.799499][ T6027] and is ignored by this kernel. Remove the mand
[ 130.799499][ T6027] option from the mount to silence this warning.
[ 130.799499][ T6027] =======================================================
[ 130.948538][ T6027] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[ 130.966512][ T6027] (syz.0.17,6027,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=64032, inode=0, rec_len=0, name_len=0
[ 131.031554][ T5950] ocfs2: Unmounting device (7,0) on (node local)
[ 131.493409][ T6030] loop0: detected capacity change from 0 to 32768
[ 131.534230][ T6030] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[ 131.539722][ T6030] (syz.0.18,6030,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=64032, inode=0, rec_len=0, name_len=0
[ 131.630759][ T5950] ocfs2: Unmounting device (7,0) on (node local)
[ 132.058285][ T6035] loop0: detected capacity change from 0 to 32768
[ 132.109548][ T6035] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[ 132.119586][ T6035] (syz.0.19,6035,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=64032, inode=0, rec_len=0, name_len=0
[ 132.177796][ T5950] ocfs2: Unmounting device (7,0) on (node local)
[ 132.604904][ T6039] loop0: detected capacity change from 0 to 32768
[ 132.657785][ T6039] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[ 132.660545][ T6039] (syz.0.20,6039,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: directory entry overrun - offset=64032, inode=0, rec_len=96, name_len=0
[ 132.731272][ T5950] ocfs2: Unmounting device (7,0) on (node local)
[ 133.113504][ T6042] loop0: detected capacity change from 0 to 32768
[ 133.161660][ T6042] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[ 133.175161][ T6042] (syz.0.21,6042,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=64032, inode=0, rec_len=0, name_len=0
[ 133.228300][ T5950] ocfs2: Unmounting device (7,0) on (node local)
[ 133.658327][ T6045] loop0: detected capacity change from 0 to 32768
[ 133.693764][ T6045] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[ 133.697241][ T6045] (syz.0.22,6045,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=64032, inode=0, rec_len=0, name_len=0
[ 133.770467][ T5950] ocfs2: Unmounting device (7,0) on (node local)
[ 134.181540][ T6048] loop0: detected capacity change from 0 to 32768
[ 134.229802][ T6048] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[ 134.235057][ T6048] (syz.0.23,6048,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=64032, inode=0, rec_len=0, name_len=0
[ 134.270873][ T5950] ocfs2: Unmounting device (7,0) on (node local)
[ 134.674165][ T6052] loop0: detected capacity change from 0 to 32768
[ 134.717849][ T6052] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[ 134.725088][ T6052] (syz.0.24,6052,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=64032, inode=0, rec_len=0, name_len=0
[ 134.781600][ T5950] ocfs2: Unmounting device (7,0) on (node local)
[ 135.136989][ T6055] loop0: detected capacity change from 0 to 32768
[ 135.179891][ T6055] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[ 135.187232][ T6055] ==================================================================
[ 135.187254][ T6055] BUG: KASAN: use-after-free in ocfs2_dir_foreach_blk+0x1501/0x18a0
[ 135.187304][ T6055] Read of size 2 at addr ffff888051484cf0 by task syz.0.25/6055
[ 135.187323][ T6055]
[ 135.187356][ T6055] CPU: 0 UID: 0 PID: 6055 Comm: syz.0.25 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 135.187384][ T6055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 135.187408][ T6055] Call Trace:
[ 135.187416][ T6055]
[ 135.187425][ T6055] dump_stack_lvl+0x189/0x250
[ 135.187462][ T6055] ? __kasan_check_byte+0x12/0x40
[ 135.187496][ T6055] ? __pfx_dump_stack_lvl+0x10/0x10
[ 135.187531][ T6055] ? lock_release+0x4b/0x3e0
[ 135.187567][ T6055] ? __virt_addr_valid+0x4a5/0x5c0
[ 135.187591][ T6055] print_report+0xca/0x240
[ 135.187621][ T6055] ? ocfs2_dir_foreach_blk+0x1501/0x18a0
[ 135.187650][ T6055] kasan_report+0x118/0x150
[ 135.187687][ T6055] ? inode_query_iversion+0x11a/0x170
[ 135.187723][ T6055] ? ocfs2_dir_foreach_blk+0x1501/0x18a0
[ 135.187759][ T6055] ocfs2_dir_foreach_blk+0x1501/0x18a0
[ 135.187801][ T6055] ? __pfx_ocfs2_dir_foreach_blk+0x10/0x10
[ 135.187834][ T6055] ? ocfs2_inode_lock_atime+0x232/0x4e0
[ 135.187861][ T6055] ? __pfx_ocfs2_inode_lock_atime+0x10/0x10
[ 135.187888][ T6055] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 135.187927][ T6055] ? lockdep_hardirqs_on+0x9c/0x150
[ 135.187965][ T6055] ocfs2_readdir+0x260/0x4d0
[ 135.187997][ T6055] ? __pfx_ocfs2_readdir+0x10/0x10
[ 135.188026][ T6055] ? rwbase_write_lock+0x56f/0x750
[ 135.188054][ T6055] ? __pfx_ocfs2_readdir+0x10/0x10
[ 135.188085][ T6055] wrap_directory_iterator+0x99/0xe0
[ 135.188115][ T6055] iterate_dir+0x3a5/0x580
[ 135.188145][ T6055] __se_sys_getdents+0xe4/0x250
[ 135.188175][ T6055] ? __pfx___se_sys_getdents+0x10/0x10
[ 135.188202][ T6055] ? __pfx_filldir+0x10/0x10
[ 135.188231][ T6055] ? __x64_sys_lseek+0x187/0x1f0
[ 135.188282][ T6055] ? do_syscall_64+0xbe/0x3b0
[ 135.188306][ T6055] do_syscall_64+0xfa/0x3b0
[ 135.188327][ T6055] ? lockdep_hardirqs_on+0x9c/0x150
[ 135.188361][ T6055] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.188383][ T6055] ? clear_bhb_loop+0x60/0xb0
[ 135.188410][ T6055] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.188432][ T6055] RIP: 0033:0x7fb02435eba9
[ 135.188458][ T6055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 135.188478][ T6055] RSP: 002b:00007ffd25c00148 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 135.188514][ T6055] RAX: ffffffffffffffda RBX: 00007fb0245a5fa0 RCX: 00007fb02435eba9
[ 135.188532][ T6055] RDX: 0000000000000054 RSI: 0000000000000000 RDI: 0000000000000004
[ 135.188547][ T6055] RBP: 00007fb0243e1e19 R08: 0000000000000000 R09: 0000000000000000
[ 135.188561][ T6055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 135.188576][ T6055] R13: 00007fb0245a5fa0 R14: 00007fb0245a5fa0 R15: 0000000000000003
[ 135.188602][ T6055]
[ 135.188611][ T6055]
[ 135.188616][ T6055] The buggy address belongs to the physical page:
[ 135.188638][ T6055] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f6d7e2d4 pfn:0x51484
[ 135.188670][ T6055] flags: 0x80000000000000(node=0|zone=1)
[ 135.188703][ T6055] raw: 0080000000000000 ffffea0001452148 ffffea00014520c8 0000000000000000
[ 135.188722][ T6055] raw: 00000007f6d7e2d4 0000000000000000 00000000ffffffff 0000000000000000
[ 135.188734][ T6055] page dumped because: kasan: bad access detected
[ 135.188751][ T6055] page_owner tracks the page as freed
[ 135.188759][ T6055] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|__GFP_COMP), pid 5842, tgid 5842 (syz-executor), ts 104017277507, free_ts 105163598569
[ 135.188799][ T6055] post_alloc_hook+0x240/0x2a0
[ 135.188832][ T6055] get_page_from_freelist+0x2119/0x21b0
[ 135.188854][ T6055] __alloc_frozen_pages_noprof+0x181/0x370
[ 135.188876][ T6055] alloc_pages_mpol+0xd1/0x380
[ 135.188905][ T6055] vma_alloc_folio_noprof+0xe4/0x280
[ 135.188934][ T6055] folio_prealloc+0x30/0x180
[ 135.188953][ T6055] handle_mm_fault+0x12ee/0x3400
[ 135.188983][ T6055] do_user_addr_fault+0xa81/0x1390
[ 135.189009][ T6055] exc_page_fault+0x76/0xf0
[ 135.189039][ T6055] asm_exc_page_fault+0x26/0x30
[ 135.189059][ T6055] page last free pid 5842 tgid 5842 stack trace:
[ 135.189072][ T6055] free_unref_folios+0xd66/0x1460
[ 135.189103][ T6055] folios_put_refs+0x569/0x670
[ 135.189124][ T6055] free_pages_and_swap_cache+0x277/0x520
[ 135.189147][ T6055] tlb_flush_mmu+0x3a0/0x680
[ 135.189168][ T6055] tlb_finish_mmu+0xc3/0x1d0
[ 135.189187][ T6055] vms_clear_ptes+0x42c/0x540
[ 135.189213][ T6055] vms_complete_munmap_vmas+0x206/0x8a0
[ 135.189238][ T6055] do_vmi_align_munmap+0x369/0x440
[ 135.189261][ T6055] do_vmi_munmap+0x253/0x2e0
[ 135.189284][ T6055] __vm_munmap+0x23b/0x3d0
[ 135.189313][ T6055] __x64_sys_munmap+0x60/0x70
[ 135.189344][ T6055] do_syscall_64+0xfa/0x3b0
[ 135.189363][ T6055] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.189383][ T6055]
[ 135.189388][ T6055] Memory state around the buggy address:
[ 135.189401][ T6055] ffff888051484b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 135.189432][ T6055] ffff888051484c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 135.189448][ T6055] >ffff888051484c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 135.189459][ T6055] ^
[ 135.189473][ T6055] ffff888051484d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 135.189488][ T6055] ffff888051484d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 135.189499][ T6055] ==================================================================
[ 135.189611][ T6055] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 135.189629][ T6055] CPU: 0 UID: 0 PID: 6055 Comm: syz.0.25 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 135.189668][ T6055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 135.189681][ T6055] Call Trace:
[ 135.189690][ T6055]
[ 135.189699][ T6055] dump_stack_lvl+0x99/0x250
[ 135.189734][ T6055] ? __asan_memcpy+0x40/0x70
[ 135.189758][ T6055] ? __pfx_dump_stack_lvl+0x10/0x10
[ 135.189792][ T6055] ? __pfx__printk+0x10/0x10
[ 135.189837][ T6055] vpanic+0x281/0x750
[ 135.189870][ T6055] ? preempt_schedule+0xae/0xc0
[ 135.189904][ T6055] ? __pfx_vpanic+0x10/0x10
[ 135.189935][ T6055] ? preempt_schedule_common+0x83/0xd0
[ 135.189969][ T6055] ? preempt_schedule+0xae/0xc0
[ 135.190000][ T6055] ? __pfx_preempt_schedule+0x10/0x10
[ 135.190037][ T6055] panic+0xb9/0xc0
[ 135.190068][ T6055] ? __pfx_panic+0x10/0x10
[ 135.190104][ T6055] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 135.190144][ T6055] ? ocfs2_dir_foreach_blk+0x1501/0x18a0
[ 135.190174][ T6055] check_panic_on_warn+0x89/0xb0
[ 135.190198][ T6055] ? ocfs2_dir_foreach_blk+0x1501/0x18a0
[ 135.190227][ T6055] end_report+0x78/0x160
[ 135.190257][ T6055] kasan_report+0x129/0x150
[ 135.190285][ T6055] ? inode_query_iversion+0x11a/0x170
[ 135.190321][ T6055] ? ocfs2_dir_foreach_blk+0x1501/0x18a0
[ 135.190356][ T6055] ocfs2_dir_foreach_blk+0x1501/0x18a0
[ 135.190396][ T6055] ? __pfx_ocfs2_dir_foreach_blk+0x10/0x10
[ 135.190426][ T6055] ? ocfs2_inode_lock_atime+0x232/0x4e0
[ 135.190450][ T6055] ? __pfx_ocfs2_inode_lock_atime+0x10/0x10
[ 135.190477][ T6055] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 135.190512][ T6055] ? lockdep_hardirqs_on+0x9c/0x150
[ 135.190550][ T6055] ocfs2_readdir+0x260/0x4d0
[ 135.190582][ T6055] ? __pfx_ocfs2_readdir+0x10/0x10
[ 135.190611][ T6055] ? rwbase_write_lock+0x56f/0x750
[ 135.190640][ T6055] ? __pfx_ocfs2_readdir+0x10/0x10
[ 135.190676][ T6055] wrap_directory_iterator+0x99/0xe0
[ 135.190707][ T6055] iterate_dir+0x3a5/0x580
[ 135.190736][ T6055] __se_sys_getdents+0xe4/0x250
[ 135.190765][ T6055] ? __pfx___se_sys_getdents+0x10/0x10
[ 135.190792][ T6055] ? __pfx_filldir+0x10/0x10
[ 135.190820][ T6055] ? __x64_sys_lseek+0x187/0x1f0
[ 135.190849][ T6055] ? do_syscall_64+0xbe/0x3b0
[ 135.190872][ T6055] do_syscall_64+0xfa/0x3b0
[ 135.190894][ T6055] ? lockdep_hardirqs_on+0x9c/0x150
[ 135.190927][ T6055] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.190951][ T6055] ? clear_bhb_loop+0x60/0xb0
[ 135.190976][ T6055] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.190999][ T6055] RIP: 0033:0x7fb02435eba9
[ 135.191019][ T6055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 135.191038][ T6055] RSP: 002b:00007ffd25c00148 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 135.191061][ T6055] RAX: ffffffffffffffda RBX: 00007fb0245a5fa0 RCX: 00007fb02435eba9
[ 135.191079][ T6055] RDX: 0000000000000054 RSI: 0000000000000000 RDI: 0000000000000004
[ 135.191093][ T6055] RBP: 00007fb0243e1e19 R08: 0000000000000000 R09: 0000000000000000
[ 135.191108][ T6055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 135.191123][ T6055] R13: 00007fb0245a5fa0 R14: 00007fb0245a5fa0 R15: 0000000000000003
[ 135.191148][ T6055]
[ 135.191486][ T6055] Kernel Offset: disabled